General
-
Target
6b674124d831d8f91b1ae7f9469c3601_JaffaCakes118
-
Size
31KB
-
Sample
240724-nb6a1atcml
-
MD5
6b674124d831d8f91b1ae7f9469c3601
-
SHA1
1e8a78d4e27158c46ff02ddc632382171840b4fa
-
SHA256
9d0b1df535d86b4b3e1da52e67e6483ccb0388e6bab79cbc6c0fb79815b60f54
-
SHA512
07ae6410b2d997bdf788aa46a143b665720f9a45a58c69685bf6f70095b158ace80bd4c9a26e669f327077b48800e7fa4ef7fef12245a5ccdf805e0df1828aab
-
SSDEEP
768:mpYSyYdklmrEdQ5PFeMzKUZygW3PbJtlLAhRmxRYJgGlzDpbuR1JM:kKmrEmPFeMzKzN3lbYVJuq
Malware Config
Extracted
mirai
MIRAI
Targets
-
Target
6b674124d831d8f91b1ae7f9469c3601_JaffaCakes118
-
Contacts a large (20336) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-