General
-
Target
fbbc5085633d7caf1d2e8a8ebc1d6392_JaffaCakes118
-
Size
52KB
-
Sample
240420-c2kansfb2y
-
MD5
fbbc5085633d7caf1d2e8a8ebc1d6392
-
SHA1
8a454133fb9a91a992a513dbd54744b6779a98cc
-
SHA256
2106825ef862d5d7cc20a92f9f2362850a2944a16e07b4a53377d7e48160e468
-
SHA512
209e05a3d79de5aa23a772e49e1a73f2e6e1dfdbf687db48c5294780b45b70cd627229d7c8c9a904d94acbad16968e14fb1022d2e2ad62c0cceb368969c96c7a
-
SSDEEP
768:/Mte5B4PACtw/YcmRIe18D9q63TxZQbSORe7Su2QJnKE79TLr4bq9q3UELbOs8qQ:/M84ISRX63dZQbS5rzZqfLIVmWjB
Malware Config
Extracted
mirai
LZRD
Targets
-
Contacts a large (20546) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-