General

  • Target

    25ca719fd5bf3dd763aaef2f1f231c30_JaffaCakes118

  • Size

    64KB

  • Sample

    240508-vb5sssge59

  • MD5

    25ca719fd5bf3dd763aaef2f1f231c30

  • SHA1

    083e52ec89b621b414430ba0179bf95379795e74

  • SHA256

    345f2be486b67bab8d0ca421337e3e03902abb25399c5943c0c5415eb8229c98

  • SHA512

    5a10d2129385e5a326d8b5ab5e9743b3082b784d3a4ec1346ab81d45afc5eb9c45356aac2271b70d5b37a82b20bf3cc7bb924af08ec1ab70ae0ff858b482ee16

  • SSDEEP

    1536:IcR9170vwHbQXZ5+qXDEuXi9bLSW7p/d6reFt6HuQ4Zf:f917iwHbQXZ5+qXA59HSWF/Qreb6OZZ

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      25ca719fd5bf3dd763aaef2f1f231c30_JaffaCakes118
    Score: 9/10
    • Contacts a large number (20571) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
