General

Target: 006e7e08a0cfe0cfa96e07fb23afd1df_JaffaCakes118
Size: 54KB
Sample: 240727-zadp5szdkh
MD5: 006e7e08a0cfe0cfa96e07fb23afd1df
SHA1: c196463470cf4cdf3875332229a45410d14bd056
SHA256: 06d27107bc9b94e1f386dfa774c96dbe6cccd5ba197a9f2ab975cd899780b37f
SHA512: 898eccba89c6a37d726e52612f36845c4ee2261d03c1b6825fc544d30d0dc832fc148740ad9b6d2f0b7dcdc4cbb3cf34bebec6f6c1ab6c42ac8897546f7a2aaf
SSDEEP: 1536:36Ew7hWCbZ6OzptrGP85wXynWTF+7t+Rc:C1W4Z6OzP4NXynWp+7QK

Behavioral task: behavioral1
Sample: 006e7e08a0cfe0cfa96e07fb23afd1df_JaffaCakes118
Resource: ubuntu2204-amd64-20240729-en

Malware Config
Extracted
mirai
MIRAI
suckmyass1983.ddns.net
Targets
Target
006e7e08a0cfe0cfa96e07fb23afd1df_JaffaCakes118
Score: 9/10

Contacts a large (23829) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Deletes itself

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Enumerates running processes
Discovers information about currently running processes on the system.