General
-
Target
4147e375f325878fe3c3962c3d4ac411_JaffaCakes118
-
Size
54KB
-
Sample
240514-nabp1adb2x
-
MD5
4147e375f325878fe3c3962c3d4ac411
-
SHA1
3977330dac5e46ee6887d9d5fc58a17229ecf4da
-
SHA256
f919b9a88cd4aedf43145916d33f9ca10202735acec3b052b842cfdbaf5ba27b
-
SHA512
fbd1332c311828dbb94af80ed2428f8dd3d927e8cd0a2092fd4b28b15d47601cbd9fcf5d26dcc2d7ba8b961dc6bfa9ec0a4023f579659484569a50484081e65d
-
SSDEEP
768:s6hiVRWhVWibZ6uzPBtbrmvOSYpZHU/HYnvW4i0suqstyPxck51:s6EwVWibZ6uzpNrmv6ZyOWJ0Bqstixc
Behavioral task
behavioral1
Sample
4147e375f325878fe3c3962c3d4ac411_JaffaCakes118
Resource
ubuntu2004-amd64-20240508-en
Malware Config
Extracted
mirai
MIRAI
Targets
Score
9/10
-
Contacts a large (7515) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-