General

  • Target

    4147e375f325878fe3c3962c3d4ac411_JaffaCakes118

  • Size

    54KB

  • Sample

    240514-nabp1adb2x

  • MD5

    4147e375f325878fe3c3962c3d4ac411

  • SHA1

    3977330dac5e46ee6887d9d5fc58a17229ecf4da

  • SHA256

    f919b9a88cd4aedf43145916d33f9ca10202735acec3b052b842cfdbaf5ba27b

  • SHA512

    fbd1332c311828dbb94af80ed2428f8dd3d927e8cd0a2092fd4b28b15d47601cbd9fcf5d26dcc2d7ba8b961dc6bfa9ec0a4023f579659484569a50484081e65d

  • SSDEEP

    768:s6hiVRWhVWibZ6uzPBtbrmvOSYpZHU/HYnvW4i0suqstyPxck51:s6EwVWibZ6uzpNrmv6ZyOWJ0Bqstixc

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      4147e375f325878fe3c3962c3d4ac411_JaffaCakes118

    Score
    9/10
    • Contacts a large (7515) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks