General

  • Target

    08b2cf465ff05923f0c48c4ede32ceed_JaffaCakes118

  • Size

    54KB

  • Sample

    240728-etxl5sxelj

  • MD5

    08b2cf465ff05923f0c48c4ede32ceed

  • SHA1

    ba859709549404f6bac3c7b5d4c09bbb4fa6544a

  • SHA256

    a7137431daac2b9ee282250322c98c6d1ad30c94d3f407e9975dadf4d9c17f0e

  • SHA512

    0416144c8a456aad5a2957b638fcd5f65630dce63f06c88773c0630efcebe3d42e14dc7270a883410a17122f784d87b684f13f3dd9b86e758a0c2116f79b3036

  • SSDEEP

    1536:d6EwVWibZ6uzpNrmvFtWbFBiWCTZVZt+xc:QVWYZ6uzv4FKFBiWoZVZQq

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    Score: 8/10
    • Contacts a large number (1759) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks