General
Target: fe6cdf520883efc846ef228f039f57ac_JaffaCakes118
Size: 31KB
Sample: 240421-e1kwxsba72
MD5: fe6cdf520883efc846ef228f039f57ac
SHA1: d94fae6008018b6631ba19c46b4aed37124afea9
SHA256: 3ba27fc2fb9909393d8049e708461f4f6d488055aa28fe20a12bb73dc18d3ca6
SHA512: e17a2d30b86cbd2844dfdd8f710307f8b294e61363cf0b14daac63396ec503368f95ffdc6c8937dc454a50198c2c8b93ac8f6c899f9067626afd791ad48dd2e8
SSDEEP: 384:A3fpCLrsjHIX69URc+hmnulY1qHprFKt6zhS45vDajssVwfiNtssera3FRWGVCzG:4fpWcehzJFYKgULAssKfi7ua3zW+

Malware Config
Extracted
mirai
LZRD

Targets
Target: fe6cdf520883efc846ef228f039f57ac_JaffaCakes118

Contacts a large (19963) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Enumerates running processes
Discovers information about currently running processes on the system