General

  • Target

    8261d1b6e765370a1ebcd4393b9f0cac_JaffaCakes118

  • Size

    33KB

  • Sample

    240802-a3h3wsvgpk

  • MD5

    8261d1b6e765370a1ebcd4393b9f0cac

  • SHA1

    5d0b7f44aa8f91a7db9f619f226fb201f025b75c

  • SHA256

    0b59cd1c5b4c7165907a831358d33fe02ffc3cbec069b9268e669af44dcc4434

  • SHA512

    f788b6e391afb53ee345f6f9b520abdf6178559f848c5ad4d3cccba3d625920ed3e5c4f3ebc3d4abf33144177c04b5690dc7cf8a37df934eeaf125b220e36736

  • SSDEEP

    768:zuXQRH6lLCbVWLC51vC+X2ptEZjY0M2nKYWxernbcuyD7Uiyqj:yXwuLCbVW+PvDX2ptESSWxernouy8Zqj

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

connect.bricktale.cc

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (220403) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks