General
-
Target
36af23e2b470250d0a1dc4deee0a9c11_JaffaCakes118
-
Size
30KB
-
Sample
240511-1j2n1adb55
-
MD5
36af23e2b470250d0a1dc4deee0a9c11
-
SHA1
013cf910e110a213bebdec9664dacc12b58d57d9
-
SHA256
56d534c3da3a471a4752169f254dadb8137512e67c04029f8afbea35b0711251
-
SHA512
57c2cc2219dd749fb3ad2905b7dfa5e83f92477f4ccd3fcb2f3e757e50903d2cd8636b7652e07b51cd216785fdcf400a918764c39622b0fddd223bd443e34a05
-
SSDEEP
768:4uH5tyEYkO4uhxG6O0nO+qlbmRH/eruoZd0z0crynbcuyD7UHQRj9:tZIEYt4uhI6jnONlyRGFZ60nnouy8HyB
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
36af23e2b470250d0a1dc4deee0a9c11_JaffaCakes118
-
Contacts a large (20525) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-