Analysis

  • max time kernel
    124s
  • max time network
    154s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240226-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    18-04-2024 16:55

General

  • Target

    f8648f41f176ce6580ac37529003cdd4_JaffaCakes118

  • Size

    31KB

  • MD5

    f8648f41f176ce6580ac37529003cdd4

  • SHA1

    a50950b49d970f4c372043e099e0121dcf70ffa2

  • SHA256

    b5b4a333256dc872ab43ab68d0542b35e2f75172364355e076bbbef6b6033548

  • SHA512

    765edba76ef9573904a228d1a820c80c943c678f45ae4ca4683f02ce91edaf8614a28870579b5e613e64b6071572c2dd9c982d44cf9f4ca4823747a6b75fc26a

  • SSDEEP

    768:qQoUmaLPSs+EvmcoIH70OPBdZeGeIh7va/s5QKCzbooa2JgGlzDpbuR1Jq:DoR+BLHIUBdZ5P7CyQKSBVJu4

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large (16149) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/f8648f41f176ce6580ac37529003cdd4_JaffaCakes118
    /tmp/f8648f41f176ce6580ac37529003cdd4_JaffaCakes118
    1⤵
      PID:699

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Defense Evasion

    Impair Defenses

    1
    T1562

    Discovery

    Network Service Discovery

    2
    T1046

    System Network Connections Discovery

    1
    T1049

    System Network Configuration Discovery

    1
    T1016

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/699-1-0x00400000-0x00455f10-memory.dmp