Analysis
-
max time kernel
124s -
max time network
154s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240226-en -
resource tags
arch:mips image:debian9-mipsbe-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
18-04-2024 16:55
General
-
Target
f8648f41f176ce6580ac37529003cdd4_JaffaCakes118
-
Size
31KB
-
MD5
f8648f41f176ce6580ac37529003cdd4
-
SHA1
a50950b49d970f4c372043e099e0121dcf70ffa2
-
SHA256
b5b4a333256dc872ab43ab68d0542b35e2f75172364355e076bbbef6b6033548
-
SHA512
765edba76ef9573904a228d1a820c80c943c678f45ae4ca4683f02ce91edaf8614a28870579b5e613e64b6071572c2dd9c982d44cf9f4ca4823747a6b75fc26a
-
SSDEEP
768:qQoUmaLPSs+EvmcoIH70OPBdZeGeIh7va/s5QKCzbooa2JgGlzDpbuR1Jq:DoR+BLHIUBdZ5P7CyQKSBVJu4
Malware Config
Extracted
mirai
MIRAI
Signatures
-
Contacts a large (16149) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
description ioc
File opened for modification /dev/watchdog
File opened for modification /dev/misc/watchdog
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
Processes:
description ioc
File opened for reading /proc/net/tcp
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
description ioc
File opened for reading /proc/net/tcp
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes:
description ioc
File opened for reading /proc/1022/exe
File opened for reading /proc/1047/exe
File opened for reading /proc/823/exe
File opened for reading /proc/697/exe
File opened for reading /proc/741/exe
File opened for reading /proc/140/fd
File opened for reading /proc/706/fd
File opened for reading /proc/718/exe
File opened for reading /proc/784/exe
File opened for reading /proc/1011/exe
File opened for reading /proc/1025/exe
File opened for reading /proc/1043/exe
File opened for reading /proc/1054/exe
File opened for reading /proc/703/fd
File opened for reading /proc/1141/exe
File opened for reading /proc/1079/exe
File opened for reading /proc/958/exe
File opened for reading /proc/1031/exe
File opened for reading /proc/1057/exe
File opened for reading /proc/1096/exe
File opened for reading /proc/793/exe
File opened for reading /proc/1145/exe
File opened for reading /proc/491/exe
File opened for reading /proc/164/fd
File opened for reading /proc/709/fd
File opened for reading /proc/677/exe
File opened for reading /proc/706/exe
File opened for reading /proc/713/exe
File opened for reading /proc/843/exe
File opened for reading /proc/1069/exe
File opened for reading /proc/1/fd
File opened for reading /proc/977/exe
File opened for reading /proc/800/exe
File opened for reading /proc/691/fd
File opened for reading /proc/773/exe
File opened for reading /proc/963/exe
File opened for reading /proc/1036/exe
File opened for reading /proc/235/fd
File opened for reading /proc/868/exe
File opened for reading /proc/951/exe
File opened for reading /proc/962/exe
File opened for reading /proc/1087/exe
File opened for reading /proc/767/exe
File opened for reading /proc/976/exe
File opened for reading /proc/1003/exe
File opened for reading /proc/1090/exe
File opened for reading /proc/328/fd
File opened for reading /proc/703/exe
File opened for reading /proc/987/exe
File opened for reading /proc/1102/exe
File opened for reading /proc/705/fd
File opened for reading /proc/936/exe
File opened for reading /proc/700/fd
File opened for reading /proc/797/exe
File opened for reading /proc/1063/exe
File opened for reading /proc/483/fd
File opened for reading /proc/1168/exe
File opened for reading /proc/527/fd
File opened for reading /proc/880/exe
File opened for reading /proc/1075/exe
File opened for reading /proc/1120/exe
File opened for reading /proc/1162/exe
File opened for reading /proc/528/fd
File opened for reading /proc/940/exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
memory/699-1-0x00400000-0x00455f10-memory.dmp