Analysis
-
max time kernel
149s -
max time network
152s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240226-en -
resource tags
-
submitted
17/04/2024, 00:37
General
-
Target
f4ac166ab3b83dfb05acb44a00978ea6_JaffaCakes118
-
Size
30KB
-
MD5
f4ac166ab3b83dfb05acb44a00978ea6
-
SHA1
f35bad3e72abf1a3077171d13b676b2f2d7e5e5d
-
SHA256
9aaba08a566dffe2923e9e5037baab65dc24f9bda8ee6e4ce03ce09418a66a4b
-
SHA512
243043434be05b09b4e8a53fb8d8330b6e8178dc5e94f73c1560c1d3367e5279142d65552b32994334f286a6d3abe960b1f747a1c22e04782b5e8557e4049201
-
SSDEEP
768:4IyvYLznDEB2iC+sD6PGL29pVhMJ8yoj63XjJgGlzDpbuR1JX:43YnnDEBI+siJpEJtV5VJu5
Malware Config
Extracted
mirai
UNST
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (20341) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 43 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/f4ac166ab3b83dfb05acb44a00978ea6_JaffaCakes118/tmp/f4ac166ab3b83dfb05acb44a00978ea6_JaffaCakes1181⤵