General
-
Target
079ac68e03006cd0872918e75d4f8bd9_JaffaCakes118
-
Size
39KB
-
Sample
240429-n2nhwaac3z
-
MD5
079ac68e03006cd0872918e75d4f8bd9
-
SHA1
f1f1fda7e0fc8a4a45cb244589a84e0f5e3e0d46
-
SHA256
d6cf9e245910e31d0b7284a4b63e0f65fc8cf77c660129c6bd9577e2ac910b8a
-
SHA512
023e23e61fbb2250f8680578ecc2ced30a13122749768c08d84932af874d359ecc2750bd472b124c4eb33c8d07431c4717cc1ab07e40ba67ea2d70fb4beaca9d
-
SSDEEP
768:4nFv6uj8IgwUiNsRgxzMlh2gVnNSY+cfteJgGlzDpxYsjo:mFv6ujwwkgxzys0kY+4KVrYj
Malware Config
Extracted
mirai
KYTON
Targets
-
-
Target
079ac68e03006cd0872918e75d4f8bd9_JaffaCakes118
-
Size
39KB
-
MD5
079ac68e03006cd0872918e75d4f8bd9
-
SHA1
f1f1fda7e0fc8a4a45cb244589a84e0f5e3e0d46
-
SHA256
d6cf9e245910e31d0b7284a4b63e0f65fc8cf77c660129c6bd9577e2ac910b8a
-
SHA512
023e23e61fbb2250f8680578ecc2ced30a13122749768c08d84932af874d359ecc2750bd472b124c4eb33c8d07431c4717cc1ab07e40ba67ea2d70fb4beaca9d
-
SSDEEP
768:4nFv6uj8IgwUiNsRgxzMlh2gVnNSY+cfteJgGlzDpxYsjo:mFv6ujwwkgxzys0kY+4KVrYj
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (112272) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-