General
-
Target
f95f7a9fc6e5cf9ea176e6aca714e562_JaffaCakes118
-
Size
70KB
-
Sample
240419-dp184aga9x
-
MD5
f95f7a9fc6e5cf9ea176e6aca714e562
-
SHA1
7c0a31fc4152f17f6c4109058151dabd760b4bde
-
SHA256
d5a3b0d096103bf875a7e00ab4194460858ba1ba6a8f40ac9cd49159901b3ba3
-
SHA512
2d6a10f08bdf0d42760827bbe59a7f214218128b3fd80afb4cef8ebac74b8c4dec85277a96e009bed323fe2aa53bdeffdc55a0dedc88f3b74fc18d89889115bd
-
SSDEEP
1536:GbtexU5L9XouIRhb96pUQzXtwavaJ3V8OHxouJeZWDFI84M:GbtexU0r8QCKw2FbB
Behavioral task
behavioral1
Sample
f95f7a9fc6e5cf9ea176e6aca714e562_JaffaCakes118
Resource
debian9-armhf-20240226-en
Malware Config
Extracted
mirai
LZRD
Targets
-
Target
f95f7a9fc6e5cf9ea176e6aca714e562_JaffaCakes118
-
Score
9/10
-
Contacts a large (20620) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-