General
-
Target
223b48430897e5c90b36ba13575dc426_JaffaCakes118
-
Size
29KB
-
Sample
240507-3m7ershc68
-
MD5
223b48430897e5c90b36ba13575dc426
-
SHA1
1430db45154e9a0be4f0e65da41662ac06e60134
-
SHA256
3288991971bf3b274a0b17c0c9ca0dcd349394ae50ff4c8a1e507592da6c102d
-
SHA512
d083ef881e3384797ccf59493e3837a5f3f1c8fd8b4c8a667a3e580a2e9eaf887d477bf187cd44e601e59467bc1c859246e4a0a5c5d80cb48e2ab2b11c5fe0cd
-
SSDEEP
768:XHL0Vqv5jkdOGvxxaSI6tTmSZuQBi6EJ7b8:XoVqRwdjzaQYmL
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
223b48430897e5c90b36ba13575dc426_JaffaCakes118
-
Contacts a large (20237) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-