General
- Target: f377d09b8f9a54c0ef80d0dd4c2395f2_JaffaCakes118
- Size: 28KB
- Sample: 240416-pcdg2shh95
- MD5: f377d09b8f9a54c0ef80d0dd4c2395f2
- SHA1: cb128aaf798847e4fe2db8e1b8e6cb98b84d8a8e
- SHA256: 87fad04d1b4b96e0a44737b0fe82d5ab514f26ce6c82a3097926b995aeb68b1d
- SHA512: d9f67d3955902bb9a90e6128cd4e5c16c37b307587d0ec17b15d4cd701d9ac4382c72e85213d3252fde7fd20ea4f5b6154446e2104989ac2f6f37693d08feb9f
- SSDEEP: 384:2XrtQcXo6WX/riY35cvtwXmp+xttrE+LMMlwrYCdB0HIhzTRmqugOn2mp0zUSRW+:T8wmwXE+5LudWohUquJ0zdW+

Malware Config
Extracted
- mirai
- LZRD
- cnc.255gaming.xyz
Targets
- Contacts a large number (20484) of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from the /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system.