Overview

overview

10

Static

static

7

f377d09b8f...kes118

debian-12-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f377d09b8f9a54c0ef80d0dd4c2395f2_JaffaCakes118

  • Size

    28KB

  • Sample

    240416-pcdg2shh95

  • MD5

    f377d09b8f9a54c0ef80d0dd4c2395f2

  • SHA1

    cb128aaf798847e4fe2db8e1b8e6cb98b84d8a8e

  • SHA256

    87fad04d1b4b96e0a44737b0fe82d5ab514f26ce6c82a3097926b995aeb68b1d

  • SHA512

    d9f67d3955902bb9a90e6128cd4e5c16c37b307587d0ec17b15d4cd701d9ac4382c72e85213d3252fde7fd20ea4f5b6154446e2104989ac2f6f37693d08feb9f

  • SSDEEP

    384:2XrtQcXo6WX/riY35cvtwXmp+xttrE+LMMlwrYCdB0HIhzTRmqugOn2mp0zUSRW+:T8wmwXE+5LudWohUquJ0zdW+

Score
10/10
mirailzrdbotnetdiscoveryupx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

C2

cnc.255gaming.xyz

Targets

    • Target

      f377d09b8f9a54c0ef80d0dd4c2395f2_JaffaCakes118

    • Size

      28KB

    • MD5

      f377d09b8f9a54c0ef80d0dd4c2395f2

    • SHA1

      cb128aaf798847e4fe2db8e1b8e6cb98b84d8a8e

    • SHA256

      87fad04d1b4b96e0a44737b0fe82d5ab514f26ce6c82a3097926b995aeb68b1d

    • SHA512

      d9f67d3955902bb9a90e6128cd4e5c16c37b307587d0ec17b15d4cd701d9ac4382c72e85213d3252fde7fd20ea4f5b6154446e2104989ac2f6f37693d08feb9f

    • SSDEEP

      384:2XrtQcXo6WX/riY35cvtwXmp+xttrE+LMMlwrYCdB0HIhzTRmqugOn2mp0zUSRW+:T8wmwXE+5LudWohUquJ0zdW+

    Score
    10/10
    mirailzrdbotnetdiscovery

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Contacts a large (20484) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Discovery

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks