General
-
Target
389333fe8ae86ec49d8b1d02af2c77c5_JaffaCakes118
-
Size
29KB
-
Sample
240512-gjrn9abe31
-
MD5
389333fe8ae86ec49d8b1d02af2c77c5
-
SHA1
b84786756e71fbc0347460d4e4398f186cd29324
-
SHA256
33c8947f413ad252798c6d7a5655e727d6125633585a0601a1a14cf1c7ce6d3b
-
SHA512
03b3ac45a30db9846e0e13aaccd10782689ebb03821569af9334718bc3f0b287835caa75470662568bfa368eb1d3a105cba165ab6d397dc3fdd4249ccd2cb42d
-
SSDEEP
768:+N8fWlfoQmQAXV7E/QciiRcLprDK09J5Cqfl:uMNXFl76N4PD/
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
389333fe8ae86ec49d8b1d02af2c77c5_JaffaCakes118
-
Contacts a large (20412) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-