Analysis
- max time kernel: 149s
- max time network: 152s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240226-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 19-04-2024 13:03
General
- Target: fa5a667858560106b3377dafff9e3433_JaffaCakes118
- Size: 31KB
- MD5: fa5a667858560106b3377dafff9e3433
- SHA1: 9c2ec5ef1bf924db2014f63ab4f37c7010234ae0
- SHA256: 1493df6f703118c5cb5124b305e2e2dd97d4a96fd1db3bcb29066806d9ddae8d
- SHA512: adfe83fe389b9441310bf243dd621fb108e451f0edf9c8086d0b6ac8175058daa1a21697d62a834b89a02c9545d26cdfcfcbf612e48ae80fdbddb53689f056c9
- SSDEEP: 384:X3fpCLrsjHIX69URc+hmnulY1qHprFKt6zhS45vDajssVwfNBLXTa39RWGVCz0Nf:nfpWcehzJFYKgULAssKf7Ta3LW2
Malware Config
- Extracted: mirai
- Family/variant tag: LZRD
Signatures
- Contacts a large (20419) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  Processes (description: ioc):
  - File opened for modification: /dev/watchdog
  - File opened for modification: /dev/misc/watchdog
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
  Processes (description: ioc):
  - File opened for reading: /proc/net/tcp
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  Processes (description: ioc):
  - File opened for reading: /proc/net/tcp
- Reads runtime system information (42 IoCs)
  Reads data from /proc virtual filesystem.
  Processes (description: ioc):
  - File opened for reading: /proc/707/exe, /proc/732/exe, /proc/594/fd, /proc/718/fd, /proc/543/exe, /proc/594/exe, /proc/713/exe, /proc/710/exe, /proc/711/exe, /proc/343/fd, /proc/384/fd, /proc/705/fd, /proc/713/fd, /proc/597/fd
  - File opened for reading: /proc/708/fd, /proc/715/fd, /proc/719/fd, /proc/147/fd, /proc/337/fd, /proc/346/fd, /proc/561/fd, /proc/691/exe, /proc/826/exe, /proc/1/fd, /proc/383/fd, /proc/369/fd, /proc/704/fd, /proc/716/fd
  - File opened for reading: /proc/704/exe, /proc/691/fd, /proc/720/fd, /proc/561/exe, /proc/719/exe, /proc/165/fd, /proc/406/fd, /proc/543/fd, /proc/406/exe, /proc/780/exe, /proc/250/fd, /proc/339/fd, /proc/393/fd, /proc/597/exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- memory/712-1-0x00400000-0x00455bd8-memory.dmp