General
-
Target
f9e6866838b742d7cee02fb3b4717436_JaffaCakes118
-
Size
38KB
-
Sample
240419-j96l7sdf5x
-
MD5
f9e6866838b742d7cee02fb3b4717436
-
SHA1
4fbde8207e2ca9499fbc4f0d8cf54b70315e0012
-
SHA256
381ed94988acc932d33ab5cef93f85b31df2bc352c9538415811de040945225d
-
SHA512
ccb59a2b92adb2ef610fdd7ca2c950bcf7c2bf43e42f05fd98090ca9d2abc6de9894ceaf385de70674321916dae0da317e960507ea0268b208783d1d9e1de59c
-
SSDEEP
768:tkRdVMqfF6yk6e83nlcZXAiKFLZBphBf5+sqy2uaN9JgGlzDpxYs2:C76qfF6oe8OwjLzphBf5+sgXVrYh
Static task
static1
Malware Config
Extracted
mirai
KYTON
Targets
-
-
Target
f9e6866838b742d7cee02fb3b4717436_JaffaCakes118
-
Contacts a large (110808) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-