General
-
Target
da5fbfbff01c8250390b719b46913e95_JaffaCakes118
-
Size
845KB
-
Sample
240911-pyn6ns1ere
-
MD5
da5fbfbff01c8250390b719b46913e95
-
SHA1
516c397278b2ac4ab155ddf53a75fc5452e0ea5e
-
SHA256
6c0b966a5aeb37a510ee8c230d768257687bc35b82c9bd3d7858c96d51ee9f86
-
SHA512
6a35c77be6b059da82c02c9eaf6cf8f0b54aba6d5b9236b398dd3cd2a1a06e030846e99b6f4d57147a06853137755b0112a36a4d1b7ce61e6df1d90f4dc4226d
-
SSDEEP
6144:9rVMUsu/gErGHjTVDyD8W0SibB8Gh6BFc8oy0xCpt5XKC01IY2MOmzub9a5oA6wL:xrEMPhbuSwHfn2yPN0F/a
Malware Config
Extracted
mirai
ECHOBOT
Targets
-
-
Target
da5fbfbff01c8250390b719b46913e95_JaffaCakes118
-
Size
845KB
-
MD5
da5fbfbff01c8250390b719b46913e95
-
SHA1
516c397278b2ac4ab155ddf53a75fc5452e0ea5e
-
SHA256
6c0b966a5aeb37a510ee8c230d768257687bc35b82c9bd3d7858c96d51ee9f86
-
SHA512
6a35c77be6b059da82c02c9eaf6cf8f0b54aba6d5b9236b398dd3cd2a1a06e030846e99b6f4d57147a06853137755b0112a36a4d1b7ce61e6df1d90f4dc4226d
-
SSDEEP
6144:9rVMUsu/gErGHjTVDyD8W0SibB8Gh6BFc8oy0xCpt5XKC01IY2MOmzub9a5oA6wL:xrEMPhbuSwHfn2yPN0F/a
Score9/10-
Contacts a large (471635) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-