General
-
Target
21d7d37f17a13168bdb3a50d7380ff21_JaffaCakes118
-
Size
54KB
-
Sample
240507-1lacjacb89
-
MD5
21d7d37f17a13168bdb3a50d7380ff21
-
SHA1
31afa15638b8b03db6c126a8686430f3630d9cb2
-
SHA256
af35a79890e6ecad7e735daab3be19a9f18c391f0e5940b298314ba27d517553
-
SHA512
57acfb1779cb0ec0c35d1e01e7f363ccbe7135882444c32008dc0bc6efe823601f175a7e175aea172b8e87a68b87a6f9e43b87218fc06dffd3b9f43b5d15f1b2
-
SSDEEP
1536:d6EwVWibZ6uzpNrmvFtWbFsxWCTZrt+xc:QVWYZ6uzv4FKFsxWoZrQq
Behavioral task
behavioral1
Sample
21d7d37f17a13168bdb3a50d7380ff21_JaffaCakes118
Resource
ubuntu1804-amd64-20240226-en
Malware Config
Extracted
mirai
MIRAI
botnet.remaiten.org
Targets
-
-
Target
21d7d37f17a13168bdb3a50d7380ff21_JaffaCakes118
-
Score
9/10
-
Contacts a large (23841) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-