General
-
Target
4062ae570aade7c41d35c283cd225cfa_JaffaCakes118
-
Size
65KB
-
Sample
240513-tzkxvseg82
-
MD5
4062ae570aade7c41d35c283cd225cfa
-
SHA1
29120f42cd547eaee3e6d056069864b26d1c9edc
-
SHA256
0ff1fc8c9effab4b5fad41f76cff1a9964c8f9165336f0addd483a35e4757e89
-
SHA512
f2b17bf4152dcb051eab3628d3ed00406a26ebef7ddc35b2406faaef5688163687657a8b78f106a5275a44ba9e75883c798b1cf80fdb513b75b0c421b7cf50dd
-
SSDEEP
1536:/d0L3eaHblm64MdlNbR5Mx5gSznYCSWx/2PZtKG0VSL+aSioG:VW3eaHblm64MdlNbR5wZnXSWx/2htx0S
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
4062ae570aade7c41d35c283cd225cfa_JaffaCakes118
-
Size
65KB
-
MD5
4062ae570aade7c41d35c283cd225cfa
-
SHA1
29120f42cd547eaee3e6d056069864b26d1c9edc
-
SHA256
0ff1fc8c9effab4b5fad41f76cff1a9964c8f9165336f0addd483a35e4757e89
-
SHA512
f2b17bf4152dcb051eab3628d3ed00406a26ebef7ddc35b2406faaef5688163687657a8b78f106a5275a44ba9e75883c798b1cf80fdb513b75b0c421b7cf50dd
-
SSDEEP
1536:/d0L3eaHblm64MdlNbR5Mx5gSznYCSWx/2PZtKG0VSL+aSioG:VW3eaHblm64MdlNbR5wZnXSWx/2htx0S
Score9/10-
Contacts a large (20644) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-