Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240226-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    21-04-2024 04:24

General

  • Target

    fe6cdf520883efc846ef228f039f57ac_JaffaCakes118

  • Size

    31KB

  • MD5

    fe6cdf520883efc846ef228f039f57ac

  • SHA1

    d94fae6008018b6631ba19c46b4aed37124afea9

  • SHA256

    3ba27fc2fb9909393d8049e708461f4f6d488055aa28fe20a12bb73dc18d3ca6

  • SHA512

    e17a2d30b86cbd2844dfdd8f710307f8b294e61363cf0b14daac63396ec503368f95ffdc6c8937dc454a50198c2c8b93ac8f6c899f9067626afd791ad48dd2e8

  • SSDEEP

    384:A3fpCLrsjHIX69URc+hmnulY1qHprFKt6zhS45vDajssVwfiNtssera3FRWGVCzG:4fpWcehzJFYKgULAssKfi7ua3zW+

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large (19963) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 44 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/fe6cdf520883efc846ef228f039f57ac_JaffaCakes118
    /tmp/fe6cdf520883efc846ef228f039f57ac_JaffaCakes118
    1⤵
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    PID:716

Network

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Impair Defenses

1
T1562

Discovery

Network Service Discovery

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/716-1-0x00400000-0x00455bd8-memory.dmp