General
- Target: 00ce9c1932dcc6869fea7d6e5af8260a_JaffaCakes118
- Size: 49KB
- Sample: 240426-p2h4tsca72
- MD5: 00ce9c1932dcc6869fea7d6e5af8260a
- SHA1: 0c8f7ab52fd4eff36ca7aae8f1aa4ed660af73a4
- SHA256: 1a397580c1fd7effa067339a95834d70429089f6673144bfe8dff2706ccf29ec
- SHA512: 114aaa26860d9b11f5c11796f02029d7e48778a8d5130fe9118ed1555752631ef0d0efc7c9a6587406a3a99593ff9c37cedb4b237544047234bb86d7caa401c0
- SSDEEP: 768:eQ6JNUPjNNylsokrCFrl7y4Hq7FwgeHhRFHdPGhGF+Hy8E8nbcuyD7UkWykkAL:Z8KPnBIlZHq7qg2VLqy8xnouy8kzkk6
Malware Config
- Extracted: mirai (TSUNAMI)
Targets
- Target: 00ce9c1932dcc6869fea7d6e5af8260a_JaffaCakes118 (49KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
Signatures
- Contacts a large number (439396) of remote hosts: this may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality: malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Enumerates active TCP sockets: gets active TCP sockets from the /proc virtual filesystem.
- Enumerates running processes: discovers information about currently running processes on the system.
- Legitimate hosting services abused for malware hosting/C2.
- Reads system routing table: gets active network interfaces from the /proc virtual filesystem.
- Writes file to system bin folder.