General

  • Target

    f9e6866838b742d7cee02fb3b4717436_JaffaCakes118

  • Size

    38KB

  • Sample

    240419-j96l7sdf5x

  • MD5

    f9e6866838b742d7cee02fb3b4717436

  • SHA1

    4fbde8207e2ca9499fbc4f0d8cf54b70315e0012

  • SHA256

    381ed94988acc932d33ab5cef93f85b31df2bc352c9538415811de040945225d

  • SHA512

    ccb59a2b92adb2ef610fdd7ca2c950bcf7c2bf43e42f05fd98090ca9d2abc6de9894ceaf385de70674321916dae0da317e960507ea0268b208783d1d9e1de59c

  • SSDEEP

    768:tkRdVMqfF6yk6e83nlcZXAiKFLZBphBf5+sqy2uaN9JgGlzDpxYs2:C76qfF6oe8OwjLzphBf5+sgXVrYh

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

    • Target

      f9e6866838b742d7cee02fb3b4717436_JaffaCakes118

    • Size

      38KB

    • MD5

      f9e6866838b742d7cee02fb3b4717436

    • SHA1

      4fbde8207e2ca9499fbc4f0d8cf54b70315e0012

    • SHA256

      381ed94988acc932d33ab5cef93f85b31df2bc352c9538415811de040945225d

    • SHA512

      ccb59a2b92adb2ef610fdd7ca2c950bcf7c2bf43e42f05fd98090ca9d2abc6de9894ceaf385de70674321916dae0da317e960507ea0268b208783d1d9e1de59c

    • SSDEEP

      768:tkRdVMqfF6yk6e83nlcZXAiKFLZBphBf5+sqy2uaN9JgGlzDpxYs2:C76qfF6oe8OwjLzphBf5+sgXVrYh

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (110808) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks