General
Target: 02a9519fe144db7ca49e9998f66db46c_JaffaCakes118
Size: 28KB
Sample: 240427-hlr88sea2s
MD5: 02a9519fe144db7ca49e9998f66db46c
SHA1: fccb36ab5a86ad649471df44d538b896dcda4d83
SHA256: be4714ca8a095355eea5d50ad89473d4bc928d23e4944c10ac0d9e850f700aab
SHA512: 5de9aee315f19a8b8ffa1a664b0cfe1114aa68a02b558a24338c5e8ebeefe8d35b9f2bd9bcfce56e6dc72a0178e0927e5e35b77b12bf04c29c0ec213c02dad50
SSDEEP: 768:RCG/rJv+tqC3Y+B4JmQGo3ZXelv3YmFAtM5inhc3I7FqH:YGtv+tzMJmQGuUvhFzohlpqH
Malware Config
Extracted
mirai
MIRAI
Targets
-
Contacts a large (20615) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-