General
-
Target
b0a2de73b5ca31c4f24e0ac2ca490943_JaffaCakes118
-
Size
78KB
-
Sample
240820-ys1rysvcjk
-
MD5
b0a2de73b5ca31c4f24e0ac2ca490943
-
SHA1
bb492d3f8dde5d4c865caf3a3a2d7d159a5c1274
-
SHA256
e1b541b443ba9b1720eb696b3c47322ddd64af16195ea11a8d945e6bc15efe47
-
SHA512
8947af3c8588f997a0e1bc2e6260659fd3d5493b619fe82844ccc81e6a639457bc9d9802fb8cb375036429087398489d62b0cefb8bf831c03ead4eb6abc18cf2
-
SSDEEP
1536:vGFfut16/jhZRcogB2UHFeZMDuPSwtOA3B:+Ffut16LhLgB2UyO
Behavioral task
behavioral1
Sample
b0a2de73b5ca31c4f24e0ac2ca490943_JaffaCakes118
Resource
debian12-mipsel-20240418-en
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
b0a2de73b5ca31c4f24e0ac2ca490943_JaffaCakes118
-
Score
9/10
-
Contacts a large (9280) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-