General
-
Target
bdb56f1173a6344196762c7c22349701_JaffaCakes118
-
Size
77KB
-
Sample
240824-bfzykayhln
-
MD5
bdb56f1173a6344196762c7c22349701
-
SHA1
2a2e8cc40b0eaab05f4b0a250e05f08da75fe3ef
-
SHA256
5794fe895add64b381c9dba037a6c94c9313dbfcc30502708f093cea2a22e590
-
SHA512
32291448389a128987a853c0baaf783810d5d1b8cca7e74ce62c12fd26932f878888dfadac0181cb7c263e9519fede413b078322e906f4ff1022bc3efb664bb5
-
SSDEEP
1536:W4psLUay6+vl/B1aIuy8Umx9ECYHXwtdxwxa8v6jM0D1:xary6+vdmIuy8UKxxwxrv4Mo1
Behavioral task
behavioral1
Sample
bdb56f1173a6344196762c7c22349701_JaffaCakes118
Resource
debian9-mipsbe-20240729-en
Malware Config
Extracted
mirai
MIRAI
cnchost.gotdns.ch
cncreport.gotdns.ch
Targets
Target
bdb56f1173a6344196762c7c22349701_JaffaCakes118
Score
9/10
-
Contacts a large (17113) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-