General
Target: f179729d93651980c06727ae565f4413_JaffaCakes118
Size: 30KB
Sample: 240415-tssdcsag42
MD5: f179729d93651980c06727ae565f4413
SHA1: d58c15ceea23b53a2a089bd75907adc0db819fca
SHA256: 710f53f52723d47d7595ce0ba4cb1ccf90c7e7146125321753f3fa112cc0baa3
SHA512: 68255344846adf90413817907e3d3d1e45ead03b3a865516d875fc199653584778ff24e3ea6dee9f37fdf301be7db1ad5d9354c60ea6fc183961d1a080f64e14
SSDEEP: 768:zygIKfw8EBsLpWEvMW9gvvDM8RY/xdf77WF:Jh3EBsLplvTYTRb
Malware Config
Extracted
mirai
MIRAI
Targets
-
Contacts a large (19603) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-