General
-
Target
fb769799851c6c14cdc97e37a8f72e9a_JaffaCakes118
-
Size
45KB
-
Sample
240420-ab4waaah92
-
MD5
fb769799851c6c14cdc97e37a8f72e9a
-
SHA1
3b74551cfaf4dce5756a6f4d4d42fdb0199bcf9f
-
SHA256
01d1a362d0bfadc0c879e553d5b014aef27de86fc6b21c76d17780840a4c7967
-
SHA512
6752ba40d3a58c402d3479498951cd7fd5d8bebd50f9e4047388d6d065bb7c1ba3c862dd0cd55ad8cca900d82e1d4a8badc46c72e345497ff653a895bdb5c8dd
-
SSDEEP
768:5znqKaiUxf0myocB15HcUx6yaFFy5SG2AYZkt2+80up0HiMzDR7knT0eDviL3Whu:5bqDNcB15HX6/vGSxJZo80upgiMzD1kM
Malware Config
Extracted
Family
mirai
Botnet
KYTON
Targets
-
Target
fb769799851c6c14cdc97e37a8f72e9a_JaffaCakes118
-
Contacts a large (199029) number of remote hosts
This many distinct destinations from a single sample indicates a network scan for exposed services rather than C2 traffic. Mirai's scanner probes random IPv4 addresses for telnet (TCP/23, with roughly one in ten probes sent to TCP/2323).
-
Creates a large number of network flows
Each scanned host costs one short-lived connection attempt, so the flow count tracks the host count above; together they are the scanning half of the bot.
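The two signatures above reduce to a fan-out measurement: per source, how many distinct destinations are touched and how concentrated the destination port is. Here is an added example (not part of the sandbox report and not Mirai's code) that applies that logic to constructed flow records; the record format, the addresses and the thresholds are assumptions.

```python
"""Flag hosts with scanner-like fan-out, the behaviour behind the
'large number of remote hosts' / 'large number of network flows'
signatures. Added example, not code from the sandbox or from Mirai.
The flow format (src_ip, dst_ip, dst_port) and thresholds are assumed."""
from collections import Counter, defaultdict
import random


def make_flows(seed=1):
    """Constructed flow records, not captured traffic."""
    rng = random.Random(seed)
    flows = []
    # A benign workstation: a few servers, a few well-known ports.
    for _ in range(300):
        flows.append(("10.0.0.5",
                      rng.choice(["93.184.216.34", "10.0.0.1", "1.1.1.1"]),
                      rng.choice([443, 53, 80])))
    # A Mirai-style scanner: random public addresses, telnet ports
    # (Mirai probes TCP/23, with roughly one in ten probes to TCP/2323).
    for _ in range(5000):
        dst = "%d.%d.%d.%d" % (rng.randint(1, 223), rng.randint(0, 255),
                               rng.randint(0, 255), rng.randint(0, 255))
        flows.append(("10.0.0.77", dst, 2323 if rng.random() < 0.1 else 23))
    return flows


def summarize(flows):
    """Per source: flow count, distinct destinations, dominant dst port."""
    hosts = defaultdict(set)
    ports = defaultdict(Counter)
    for src, dst, dport in flows:
        hosts[src].add(dst)
        ports[src][dport] += 1
    summary = {}
    for src, dsts in hosts.items():
        total = sum(ports[src].values())
        port, n = ports[src].most_common(1)[0]
        summary[src] = {"flows": total, "distinct_hosts": len(dsts),
                        "top_port": port, "top_port_share": n / total}
    return summary


def detect_scanners(flows, min_hosts=1000, min_fanout=0.8):
    """A scanner touches many distinct hosts and almost every flow goes to
    a new host (fan-out ratio near 1); a busy client re-uses few hosts."""
    hits = []
    for src, s in summarize(flows).items():
        fanout = s["distinct_hosts"] / s["flows"]
        if s["distinct_hosts"] >= min_hosts and fanout >= min_fanout:
            hits.append(src)
    return sorted(hits)


if __name__ == "__main__":
    for src, s in summarize(make_flows()).items():
        print(src, s)
    print("scanners:", detect_scanners(make_flows()))
```

The fan-out ratio is what separates a scanner from a chatty but legitimate client: a web proxy may also reach thousands of hosts, but most of its flows go to hosts it has already seen.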
-
Modifies watchdog functionality
Mirai opens /dev/watchdog (falling back to /dev/misc/watchdog) and issues the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD, so the hardware watchdog cannot reboot the infected device; a reboot would clear the memory-resident bot.
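Because the request number Mirai passes is hard-coded (0x80045704), it is worth seeing how that number decodes. The following is an added example, not code from the sandbox report or from Mirai: it rebuilds WDIOC_SETOPTIONS from the asm-generic ioctl encoding and flags the disable call in a constructed syscall trace. The trace record format is an assumption standing in for whatever syscall log you actually have.

```python
"""Decode Linux ioctl request numbers and spot the watchdog-disable call
Mirai makes. Added example, not code from the sandbox or from Mirai;
the trace records below are constructed, not a real syscall log."""

# asm-generic ioctl encoding (x86, ARM): nr:8 | type:8 | size:14 | dir:2
_IOC_NRSHIFT, _IOC_TYPESHIFT, _IOC_SIZESHIFT, _IOC_DIRSHIFT = 0, 8, 16, 30
_IOC_NONE, _IOC_WRITE, _IOC_READ = 0, 1, 2


def _ioc(direction, type_char, nr, size):
    return ((direction << _IOC_DIRSHIFT) | (ord(type_char) << _IOC_TYPESHIFT)
            | (size << _IOC_SIZESHIFT) | (nr << _IOC_NRSHIFT))


def _ior(type_char, nr, size):
    return _ioc(_IOC_READ, type_char, nr, size)


# From linux/watchdog.h: WDIOC_SETOPTIONS = _IOR('W', 4, int)
WDIOC_SETOPTIONS = _ior("W", 4, 4)   # 0x80045704, the literal in Mirai's source
WDIOC_KEEPALIVE = _ior("W", 5, 4)    # 0x80045705
WDIOS_DISABLECARD = 0x0001
WDIOS_ENABLECARD = 0x0002
WATCHDOG_PATHS = ("/dev/watchdog", "/dev/misc/watchdog")


def decode_ioctl(req):
    """Return (dir, type, nr, size) for a request number."""
    direction = (req >> _IOC_DIRSHIFT) & 0x3
    type_char = chr((req >> _IOC_TYPESHIFT) & 0xFF)
    nr = (req >> _IOC_NRSHIFT) & 0xFF
    size = (req >> _IOC_SIZESHIFT) & 0x3FFF
    return ({0: "-", 1: "W", 2: "R", 3: "RW"}[direction], type_char, nr, size)


# Constructed trace: (pid, syscall, path, request, int argument).
TRACE = [
    (4242, "open", "/dev/watchdog", None, None),
    (4242, "ioctl", "/dev/watchdog", 0x80045704, 1),   # WDIOS_DISABLECARD
    (917, "open", "/dev/watchdog", None, None),
    (917, "ioctl", "/dev/watchdog", 0x80045705, 0),    # keepalive from a daemon
    (1200, "ioctl", "/dev/ttyS0", 0x5401, 0),          # TCGETS, unrelated
]


def find_watchdog_disable(trace):
    """PIDs issuing WDIOC_SETOPTIONS with WDIOS_DISABLECARD on a watchdog node."""
    hits = set()
    for pid, syscall, path, req, arg in trace:
        if syscall != "ioctl" or path not in WATCHDOG_PATHS:
            continue
        if req == WDIOC_SETOPTIONS and arg is not None and arg & WDIOS_DISABLECARD:
            hits.add(pid)
    return sorted(hits)


if __name__ == "__main__":
    print(hex(WDIOC_SETOPTIONS), decode_ioctl(WDIOC_SETOPTIONS))
    print("watchdog disabled by:", find_watchdog_disable(TRACE))
```

A legitimate watchdog daemon keeps the device alive with WDIOC_KEEPALIVE and never sends WDIOS_DISABLECARD, so the pair (request 0x80045704, argument 1) on a watchdog node is a precise thing to alert on; the encoding shown is the asm-generic one and differs on MIPS and PowerPC.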
-
Enumerates active TCP sockets
Reads /proc/net/tcp. Mirai's killer component uses it to find sockets listening on port 23 (and, in some builds, 22 and 80), resolves each socket inode to its owning process through /proc/<pid>/fd, and kills that process so neither the device's own telnet daemon nor a competing bot can hold the port.
-
Enumerates running processes
Walks the /proc/<pid> entries to discover running processes; Mirai's killer checks each process's executable and memory for signatures of competing bots and terminates matches.
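The socket enumeration and the process walk above are two halves of one lookup: /proc/net/tcp gives the listening socket's inode, and /proc/<pid>/fd gives which process owns that inode. Here is an added example, not code from the sandbox report or from Mirai, that performs the same lookup over a constructed /proc/net/tcp snapshot and a constructed fd table; it only reports the owning PIDs rather than killing anything.

```python
"""Parse /proc/net/tcp and map listening sockets to owning processes, the
lookup Mirai's killer performs before terminating whatever holds port 23.
Added example, not code from the sandbox or from Mirai. The /proc/net/tcp
snapshot and the fd table below are constructed, not taken from a live host."""
import struct
from socket import inet_ntoa

# Constructed snapshot in the real /proc/net/tcp layout. Addresses are
# hex in host byte order (little-endian here), ports are big-endian hex.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18421 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18177 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:C3A6 22D8B85D:01BB 01 00000000:00000000 02:00000A3C 00000000  1000        0 20115 1 0000000000000000 20 4 30 10 -1
"""

# Constructed /proc/<pid>/fd contents: pid -> {fd: readlink target}.
FD_TABLE = {
    1:   {0: "/dev/null", 3: "socket:[18177]"},      # sshd
    612: {0: "/dev/null", 4: "socket:[18421]"},      # telnetd
    733: {5: "socket:[20115]", 6: "/var/log/app.log"},
}

TCP_LISTEN = 0x0A


def decode_addr(field):
    """'0100007F:0017' -> ('127.0.0.1', 23) on a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state, inode) rows."""
    rows = []
    for line in text.splitlines()[1:]:        # skip the header line
        f = line.split()
        if len(f) < 10:
            continue
        lip, lport = decode_addr(f[1])
        rip, rport = decode_addr(f[2])
        rows.append((lip, lport, rip, rport, int(f[3], 16), int(f[9])))
    return rows


def socket_owners(fd_table):
    """inode -> pid, by walking each process's fd links like Mirai's killer."""
    owners = {}
    for pid, fds in fd_table.items():
        for target in fds.values():
            if target.startswith("socket:[") and target.endswith("]"):
                owners[int(target[8:-1])] = pid
    return owners


def find_listener_pids(text, fd_table, ports=(23, 22, 80)):
    """port -> pid for listeners on the ports Mirai's killer targets."""
    owners = socket_owners(fd_table)
    result = {}
    for _lip, lport, _rip, _rport, state, inode in parse_proc_net_tcp(text):
        if state == TCP_LISTEN and lport in ports and inode in owners:
            result[lport] = owners[inode]
    return result


if __name__ == "__main__":
    print(find_listener_pids(PROC_NET_TCP, FD_TABLE))
```

On a live host, replace the constructed inputs with open("/proc/net/tcp").read() and os.readlink over /proc/<pid>/fd/*; the address field is host byte order, so the "<I" unpack shown is correct on x86 and little-endian ARM and must be flipped on big-endian targets.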
-
Writes file to system bin folder
-