General
Target: 65f1108523561ae2fbc5b965b826f751_JaffaCakes118
Size: 28KB
Sample: 240522-emt8fabe38
MD5: 65f1108523561ae2fbc5b965b826f751
SHA1: c1d78c1030dce672339639dd334e41f756f137ba
SHA256: 2cdc233ac108d01f629e0c7f4dfe7fd848e42be02359e001ff5a78b27a150dbd
SHA512: 405c8743fd7b360cee1232fd12c08225f38bf0227e40349a9e5fe098665454d0160b78b9dc1c46d7ff9ccf75216a7dc651d2d597578ddf585d393d942930cb23
SSDEEP: 768:DCG/rJv+tqC3Y+B4JmQGo3ZXelv3YmFAtM5ino6hF+:uGtv+tzMJmQGuUvhFzoz+
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
65f1108523561ae2fbc5b965b826f751_JaffaCakes118
-
Contacts a large number (20480) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from the /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-