Analysis
-
max time kernel
149s -
max time network
152s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
-
submitted
19-04-2024 13:03
General
-
Target
fa5a667858560106b3377dafff9e3433_JaffaCakes118
-
Size
31KB
-
MD5
fa5a667858560106b3377dafff9e3433
-
SHA1
9c2ec5ef1bf924db2014f63ab4f37c7010234ae0
-
SHA256
1493df6f703118c5cb5124b305e2e2dd97d4a96fd1db3bcb29066806d9ddae8d
-
SHA512
adfe83fe389b9441310bf243dd621fb108e451f0edf9c8086d0b6ac8175058daa1a21697d62a834b89a02c9545d26cdfcfcbf612e48ae80fdbddb53689f056c9
-
SSDEEP
384:X3fpCLrsjHIX69URc+hmnulY1qHprFKt6zhS45vDajssVwfNBLXTa39RWGVCz0Nf:nfpWcehzJFYKgULAssKf7Ta3LW2
Malware Config
Extracted
mirai
LZRD
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (20419) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 42 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/fa5a667858560106b3377dafff9e3433_JaffaCakes118/tmp/fa5a667858560106b3377dafff9e3433_JaffaCakes1181⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/712-1-0x00400000-0x00455bd8-memory.dmp