Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240418-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240418-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    07-05-2024 11:35

General

  • Target

    2074091f40149089c239847e2f42e955_JaffaCakes118

  • Size

    30KB

  • MD5

    2074091f40149089c239847e2f42e955

  • SHA1

    c166d48788656bbb8bbc68817fcd998e7b47c581

  • SHA256

    45424559126ee4d9b485aecdfadda93a13185f537ae88e07fad152dcad9b1663

  • SHA512

    4e49c45429fea24bab2159e187e74f2cf2fd9371ff8c2dbaf095226e5892dfc80b534c615d17544c45991992ae1faac3c9e48de792b5e1301dccb243b4527311

  • SSDEEP

    768:0uH5tyEYkO4uhxG6OQhyXKR92q+I1nbcuyD7UHQRjq:RZIEYt4uhI61h7R92G1nouy8HyO

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large (20580) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/2074091f40149089c239847e2f42e955_JaffaCakes118
    /tmp/2074091f40149089c239847e2f42e955_JaffaCakes118
    1⤵
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    PID:1541

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1541-1-0x0000000008048000-0x000000000805a8e0-memory.dmp