General
Target: 4c73a5fa3598101708d4bf9c5abd84fb_JaffaCakes118
Size: 28KB
Sample: 240516-w3f47ahh7s
MD5: 4c73a5fa3598101708d4bf9c5abd84fb
SHA1: e28ea0fcf2139fbe0b8cdfade3856002ecfd3f95
SHA256: 88272e41dbb45d8da7f039f26932b5c9b50d74a99ec46204be2b8f958609896b
SHA512: 9fb86c12c2c0ec881fbc262fc2225b3fb107cbec2734b1722a8caf6a6c773eeaef0b08ce763cbadd432a3d5300377254d6767b0e973f3352c5587a3fdf2b1392
SSDEEP: 768:+CGP3Jv+tqC3Y+B4Jm3Go1Xehv+xFAtMej9MzGnYvFb:dGRv+tzMJm3Gy4sFzM9MzGYNb
Malware Config
Extracted
mirai
MIRAI
Targets
Target: 4c73a5fa3598101708d4bf9c5abd84fb_JaffaCakes118
-
Contacts a large (20525) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-