General

  • Target

    6b674124d831d8f91b1ae7f9469c3601_JaffaCakes118

  • Size

    31KB

  • Sample

    240724-nb6a1atcml

  • MD5

    6b674124d831d8f91b1ae7f9469c3601

  • SHA1

    1e8a78d4e27158c46ff02ddc632382171840b4fa

  • SHA256

    9d0b1df535d86b4b3e1da52e67e6483ccb0388e6bab79cbc6c0fb79815b60f54

  • SHA512

    07ae6410b2d997bdf788aa46a143b665720f9a45a58c69685bf6f70095b158ace80bd4c9a26e669f327077b48800e7fa4ef7fef12245a5ccdf805e0df1828aab

  • SSDEEP

    768:mpYSyYdklmrEdQ5PFeMzKUZygW3PbJtlLAhRmxRYJgGlzDpbuR1JM:kKmrEmPFeMzKzN3lbYVJuq

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      6b674124d831d8f91b1ae7f9469c3601_JaffaCakes118

    • Size

      31KB

    • MD5

      6b674124d831d8f91b1ae7f9469c3601

    • SHA1

      1e8a78d4e27158c46ff02ddc632382171840b4fa

    • SHA256

      9d0b1df535d86b4b3e1da52e67e6483ccb0388e6bab79cbc6c0fb79815b60f54

    • SHA512

      07ae6410b2d997bdf788aa46a143b665720f9a45a58c69685bf6f70095b158ace80bd4c9a26e669f327077b48800e7fa4ef7fef12245a5ccdf805e0df1828aab

    • SSDEEP

      768:mpYSyYdklmrEdQ5PFeMzKUZygW3PbJtlLAhRmxRYJgGlzDpbuR1JM:kKmrEmPFeMzKzN3lbYVJuq

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (20336) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks