General
Target: 861dc736b594bf6d50f8e6c62dad44ae_JaffaCakes118
Size: 52KB
Sample: 240810-p2tkkathpe
MD5: 861dc736b594bf6d50f8e6c62dad44ae
SHA1: ee78cd217c78371c4723e583e65c83fe4f94268b
SHA256: b5d19dbb33782b9711f7924767edefae8f0ff291179a2212110c6c015a20ae05
SHA512: 3b6d0e51b3f1c0fe213f4cc22ee3c216a53ccc09d5c602c7507faa9e9ed44b5dc7e0b5912b027e449b19d855a6cef58e5be7639c12f879d8e9f0fa0d48cc188c
SSDEEP: 768:9JomkQ+czIzxisfjo9tBJM9IgNuIq8gARmVb5YUCo89q3UELgCV7tn1BdSFzty19:cmpgDjo9tBbgNuejSDC0LgChajy9
Malware Config
Extracted
mirai
MIRAI
Targets
-
Contacts a large (19528) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-