General
-
Target
b553ff15a174d5ba8212a794607de39c_JaffaCakes118
-
Size
27KB
-
Sample
240616-1hdksayhld
-
MD5
b553ff15a174d5ba8212a794607de39c
-
SHA1
7277c420520f5f605e9292181d3a7594a2f73205
-
SHA256
369eb16c469cebfd30abe4215c27283b553d26daa073a9595b98b595c86722de
-
SHA512
216f8bd6a0b76f77df4d8c8c6543b32467d7fe0265d9a918037474876dca93386a6b1c7167b04c0837f3a8fb707d5454a796a38d79f382bed93ffb4ba89b5199
-
SSDEEP
768:XuwpRy9jIIqgFdQZcRTmhXaRTagDR8m1TmvnbcuyD7Uvccpf:1QqwJsXeTDN1avnouy8vccpf
Malware Config
Extracted
mirai
MIRAI
hello.bigpuller.cf
Targets
-
Contacts a large (10239) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-