General

  • Target

    861dc736b594bf6d50f8e6c62dad44ae_JaffaCakes118

  • Size

    52KB

  • Sample

    240810-p2tkkathpe

  • MD5

    861dc736b594bf6d50f8e6c62dad44ae

  • SHA1

    ee78cd217c78371c4723e583e65c83fe4f94268b

  • SHA256

    b5d19dbb33782b9711f7924767edefae8f0ff291179a2212110c6c015a20ae05

  • SHA512

    3b6d0e51b3f1c0fe213f4cc22ee3c216a53ccc09d5c602c7507faa9e9ed44b5dc7e0b5912b027e449b19d855a6cef58e5be7639c12f879d8e9f0fa0d48cc188c

  • SSDEEP

    768:9JomkQ+czIzxisfjo9tBJM9IgNuIq8gARmVb5YUCo89q3UELgCV7tn1BdSFzty19:cmpgDjo9tBbgNuejSDC0LgChajy9

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      861dc736b594bf6d50f8e6c62dad44ae_JaffaCakes118

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (19528) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks