General

  • Target

    86107fa6fc96bc4533ad85892c3378a6_JaffaCakes118

  • Size

    32KB

  • Sample

    240810-pq1vhazalk

  • MD5

    86107fa6fc96bc4533ad85892c3378a6

  • SHA1

    db510a0858b94314df9961c06b10da462ac81185

  • SHA256

    89b8565e5ab930e8e0e4f543408ad3702299ed19fce30102267c4ebd0bbc3ee7

  • SHA512

    5388bd9268fada0bf1201f7e69463f37683e720a6a0d34b721b64a192ed9b033d429beeb5950d7d939f2b1d1479cc2a27c12139a52e3031b716d1e003920c596

  • SSDEEP

    768:TQ6GaQQMA6U9ecSU2TXNQ5/TOPtt8bcn/vylZuyjmImxIQgpe5umWM0:Tcafreq/stQknWZShxIQgs5ut

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

    • Target

      86107fa6fc96bc4533ad85892c3378a6_JaffaCakes118

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (104904) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15