Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240729-en
  • resource tags

    arch:mips
    image:debian9-mipsbe-20240729-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    11/08/2024, 00:21

General

  • Target

    8843c2dec944c37ba68ccbbf08ae8ade_JaffaCakes118

  • Size

    29KB

  • MD5

    8843c2dec944c37ba68ccbbf08ae8ade

  • SHA1

    eca0b0c4165b725dd035e4689aedd7aff039362d

  • SHA256

    1c24e490fdf0669a1b7ebff8edac35c4343094b2990e14ecd502a5b6a1dafd03

  • SHA512

    d6b0f48cf5c4222d40872faa6242dfb09ab3f49437da61be92eeb3d28e912827fc7865e58d7c3a295a19fe9b16dbc5ee9c01ca403c000dea0bc56a0579142b63

  • SSDEEP

    768:dNUb6MdbhjC0wbseI9aK81VDhaHc9RQbJgGlzDpbuR1J6:TtT0WdK8wmQRVJuA

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux botnet family that infects exposed, weakly authenticated network devices (routers, cameras and other embedded systems) and uses them for scanning and DDoS.

  • Contacts a large number (20424) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Modifies watchdog functionality (1 TTP, 2 IoCs)

    Mirai-family bots open /dev/watchdog (or /dev/misc/watchdog) and issue the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD so the hardware watchdog does not reboot the device while the bot monopolizes it. A disabled or silently stopped watchdog on a device that normally arms one is a useful host-side indicator.

  • Enumerates active TCP sockets (1 TTP, 1 IoC)

    Reads /proc/net/tcp to list active TCP sockets. In the public Mirai source the killer module uses this to find the socket inode of listeners on ports such as 23 (and optionally 22 and 80), walks /proc/<pid>/fd to find the owning process, kills it and binds the port itself so that the device's own telnet/ssh/http service and competing bots cannot interfere.

  • Enumerates running processes

    Discovers information about currently running processes by walking the /proc/<pid>/ entries (the killer module inspects other processes for known bot signatures).

  • Reads system network configuration (1 TTP, 1 IoC)

    Reads network settings from files under /proc (for example /proc/net/*).

  • Reads runtime system information (64 IoCs)

    Reads data from /proc virtual filesystem.
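The two network signatures above are a fan-out heuristic: one source opening half-open connections to thousands of distinct peers. The following is an added example (not code from the report or from the Mirai source) that applies that heuristic to constructed flow records; the thresholds, the host addresses and the flag encoding are assumptions for the example. The port mix it reports (23 with a minority of 2323) follows the public Mirai scanner source, not anything this report states about the sample.

```python
"""Flag sources that fan out to many distinct peers with SYN-only flows.

Added example: flow records are constructed, thresholds are illustrative.
"""
import random
from collections import Counter, defaultdict


def make_flows(seed=1):
    """Constructed flow tuples: (src_ip, dst_ip, dst_port, tcp_flags).

    "S"  = SYN only (half-open probe, no reply seen)
    "PA" = established connection carrying data
    """
    rng = random.Random(seed)
    flows = []
    # Bot-like host: 300 probes to random public-looking targets,
    # ~90% to tcp/23 and ~10% to tcp/2323 (the public Mirai scanner mix).
    for _ in range(300):
        dst = "%d.%d.%d.%d" % (rng.randint(1, 223), rng.randint(0, 255),
                               rng.randint(0, 255), rng.randint(1, 254))
        port = 2323 if rng.random() < 0.1 else 23
        flows.append(("10.0.0.5", dst, port, "S"))
    # Benign host: repeated full connections to a few services.
    for dst, port in [("93.184.216.34", 443), ("151.101.1.69", 443), ("10.0.0.1", 53)]:
        for _ in range(20):
            flows.append(("10.0.0.7", dst, port, "PA"))
    return flows


def scan_report(flows, min_peers=100, min_syn_only_ratio=0.9):
    """Return {src: stats} for sources that look like network scanners.

    A source is flagged when it contacted at least `min_peers` distinct
    destinations and at least `min_syn_only_ratio` of its flows never
    progressed past the SYN (the signature of a half-open port sweep).
    """
    peers = defaultdict(set)
    syn_only = Counter()
    total = Counter()
    ports = defaultdict(Counter)
    for src, dst, port, flags in flows:
        peers[src].add(dst)
        total[src] += 1
        if flags == "S":
            syn_only[src] += 1
        ports[src][port] += 1

    report = {}
    for src, dsts in peers.items():
        ratio = syn_only[src] / total[src]
        if len(dsts) >= min_peers and ratio >= min_syn_only_ratio:
            report[src] = {
                "peers": len(dsts),
                "syn_only_ratio": round(ratio, 2),
                "top_ports": ports[src].most_common(3),
            }
    return report


if __name__ == "__main__":
    for src, stats in scan_report(make_flows()).items():
        print(src, stats)
```

The distinct-peer count is what separates a scanner from a busy but legitimate client: the benign host in the sample opens sixty flows but to only three peers, so it never trips the threshold regardless of volume.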

Processes

  • /tmp/8843c2dec944c37ba68ccbbf08ae8ade_JaffaCakes118 (PID 724)
    Command line: /tmp/8843c2dec944c37ba68ccbbf08ae8ade_JaffaCakes118
    • Modifies watchdog functionality
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
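The "Enumerates active TCP sockets" behaviour of this process is a read of /proc/net/tcp. The following is an added example (not code from the report or from the Mirai source) that parses that file the way a Mirai-style killer must: it decodes the hex address and port columns, picks out LISTEN sockets, flags the ports the public Mirai killer frees for itself (23 always, 22 and 80 behind build flags; that set is an assumption for this example), and maps a socket inode back to its owning PID via /proc/<pid>/fd. The sample file contents are constructed. One caveat that matters on this sandbox's platform: the kernel prints the IPv4 address as a host-order 32-bit hex value, so "0100007F" is 127.0.0.1 on little-endian x86/ARM but on big-endian MIPS the same host prints "7F000001"; the parser takes the byte order as a parameter.

```python
"""Parse /proc/net/tcp and identify listeners a Mirai-style killer targets.

Added example with constructed /proc/net/tcp contents; KILLER_PORTS is an
assumption taken from the public Mirai source, not from the report.
"""
import os
import socket
import struct

LISTEN = 0x0A          # tcp state code used in /proc/net/tcp
KILLER_PORTS = {22, 23, 80}

# Constructed little-endian sample (x86-style hex): telnet, http and a
# loopback 8080 listener, plus one established connection to 93.184.216.34:443.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9137 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9140 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 9201 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:C2A4 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 9310 1 0000000000000000 20 4 30 10 -1
"""


def decode_addr(hex_addr, big_endian=False):
    """Turn 'AABBCCDD:PPPP' into (dotted_ip, port).

    The address is a host-order u32 printed in hex, so the byte order
    depends on the CPU that produced the file; the port is always host order.
    """
    ip_hex, port_hex = hex_addr.split(":")
    fmt = ">I" if big_endian else "<I"
    ip = socket.inet_ntoa(struct.pack(fmt, int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text, big_endian=False):
    """Return one dict per socket row (header line skipped)."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({
            "local": decode_addr(f[1], big_endian),
            "remote": decode_addr(f[2], big_endian),
            "state": int(f[3], 16),
            "uid": int(f[7]),
            "inode": int(f[9]),
        })
    return rows


def listening_ports(rows):
    """Map local port -> socket inode for every LISTEN socket."""
    return {r["local"][1]: r["inode"] for r in rows if r["state"] == LISTEN}


def killer_targets(rows):
    """Listeners a Mirai-style killer would try to kill and rebind."""
    return {p: ino for p, ino in listening_ports(rows).items() if p in KILLER_PORTS}


def owner_pids(inode, proc="/proc"):
    """Find PIDs holding socket:[inode], by walking /proc/<pid>/fd.

    Only meaningful on a live system; it is the same lookup the killer
    performs before sending SIGKILL to the owner of a targeted port.
    """
    target = "socket:[%d]" % inode
    pids = []
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                try:
                    if os.readlink(os.path.join(fd_dir, fd)) == target:
                        pids.append(int(pid))
                        break
                except OSError:
                    continue
        except OSError:
            continue
    return pids


if __name__ == "__main__":
    rows = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    print("listening:", listening_ports(rows))
    print("killer would target:", killer_targets(rows))
```

On a real MIPS big-endian box, call `parse_proc_net_tcp(open("/proc/net/tcp").read(), big_endian=True)`; reading the file from a little-endian analysis host with the wrong byte order produces reversed addresses, which is a common mistake when comparing sandbox and device output.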
