General
-
Target
f8fe1ee9e272ea8cf03d9b8f2019ec54_JaffaCakes118
-
Size
28KB
-
Sample
240418-3h3wsabb7t
-
MD5
f8fe1ee9e272ea8cf03d9b8f2019ec54
-
SHA1
d3ec2c25bfe6bdd2186def73eed240270f7bb6d1
-
SHA256
0574d9645ffc411482391a62e3ede2806c1224283f330fa2838dd3eb21551723
-
SHA512
fa4f489dd07e0465ad71f84084540d57f7be0253f4253eac361a0f154939a6939c8e84babcc73ecc24f92a805a64c701785db6cfdd8907f6901f8bcdc7a12d90
-
SSDEEP
768:G9Jd9zCnnaNq4pgFw+0iOXITr6p0SAgGWS:G9JdmOqwgFJOXP4
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
f8fe1ee9e272ea8cf03d9b8f2019ec54_JaffaCakes118
-
Size
28KB
-
MD5
f8fe1ee9e272ea8cf03d9b8f2019ec54
-
SHA1
d3ec2c25bfe6bdd2186def73eed240270f7bb6d1
-
SHA256
0574d9645ffc411482391a62e3ede2806c1224283f330fa2838dd3eb21551723
-
SHA512
fa4f489dd07e0465ad71f84084540d57f7be0253f4253eac361a0f154939a6939c8e84babcc73ecc24f92a805a64c701785db6cfdd8907f6901f8bcdc7a12d90
-
SSDEEP
768:G9Jd9zCnnaNq4pgFw+0iOXITr6p0SAgGWS:G9JdmOqwgFJOXP4
-
Contacts a large (20433) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-