General
-
Target
cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118
-
Size
121KB
-
Sample
240906-rta5cs1dqr
-
MD5
cfbfb4a03ece1cda6b9d35a1db0fab6b
-
SHA1
3de925cb4c95ded7fa5ed4de4ff5805648bb1482
-
SHA256
593618364f32ed25961d97e46f2fce3b161db9b68056ecc11649cc388871641f
-
SHA512
69280447f8b2e6fd476bbd75f1b44bc9165ff51d669d8295bef369d58fac981d09c5907e2631cbd3c7c405fbe210aa248521dd811464fdb656d4b7a8edac8726
-
SSDEEP
1536:3FHJgo84HBLsBf4No65O4mnLI2N23TQ2iqVbhPJ6Q4K2AUyWmeuVknsYRpVP87k+:3Uo86BLEAa6gDL9WPJX2AUD729upBo
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118
-
Size
121KB
-
MD5
cfbfb4a03ece1cda6b9d35a1db0fab6b
-
SHA1
3de925cb4c95ded7fa5ed4de4ff5805648bb1482
-
SHA256
593618364f32ed25961d97e46f2fce3b161db9b68056ecc11649cc388871641f
-
SHA512
69280447f8b2e6fd476bbd75f1b44bc9165ff51d669d8295bef369d58fac981d09c5907e2631cbd3c7c405fbe210aa248521dd811464fdb656d4b7a8edac8726
-
SSDEEP
1536:3FHJgo84HBLsBf4No65O4mnLI2N23TQ2iqVbhPJ6Q4K2AUyWmeuVknsYRpVP87k+:3Uo86BLEAa6gDL9WPJX2AUD729upBo
Score9/10-
Contacts a large (2720) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-