Extracted

• • Target

    ce57c7fbbd08148b1510f64d9a3c14ba_JaffaCakes118

  • Size

    31KB

  • MD5

    ce57c7fbbd08148b1510f64d9a3c14ba

  • SHA1

    739dac95dd35c4ca99b87fdf9578cc3c6f5e00fb

  • SHA256

    900f429de6a9d97ffd02db6c5d04203ece14d36b8eed7b3c4d323225d87d697f

  • SHA512

    cb898834db0f358ef0b009cc08cd4a94f1e016b239066447e9382866570429c86891c95523b9c3dc3d6eb0224ca42c057b0a1e1ee71e3bf0bd478835145d3507

  • SSDEEP

    768:FgyPkehVtIUh9H0uL9cpUV8/iNJPJgGlzDpOFw84:XPcU9H9sUS/4NVUWL

  Score

  10^/10

  mirairiftbotnetdefense_evasiondiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Contacts a large (19359) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder

  behavioral1