Overview

overview

10

Static

static

7

231cae3d35...kes118

ubuntu-20.04-amd64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240418-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2004-amd64-20240418-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
  • submitted
    08-05-2024 04:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    231cae3d3562087e0e12ca3244955ba0_JaffaCakes118

  • Size

    28KB

  • MD5

    231cae3d3562087e0e12ca3244955ba0

  • SHA1

    25e28dddd0abb6172986a5ef2bfabd40744d1aa8

  • SHA256

    eb227af5cbe83583affe32e0437342f68c8cb53c8b1cab92748dcb7b29246597

  • SHA512

    d6669b590a709b722e8e75acda2f5f6f3639d480e694b25a138119b8453a23ef55f6d43c3a0ac5c9c65f8e74e14cc70d12b5c59e5b58599bd3411a4c1f3c961c

  • SSDEEP

    768:eCG/rJv+tqC3Y+B4JmqGo3ZXelv3YmFAtM5intwFk:9Gtv+tzMJmqGuUvhFzoik

Score
10/10
miraimiraibotnetdiscovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Contacts a large (20559) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/231cae3d3562087e0e12ca3244955ba0_JaffaCakes118
    /tmp/231cae3d3562087e0e12ca3244955ba0_JaffaCakes118
    1⤵
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    PID:1514

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Discovery

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1514-1-0x0000000008048000-0x0000000008057840-memory.dmp
    Download