General

  • Target

    ddfe9ef83f1ea92a6e62610d4eec0888_JaffaCakes118

  • Size

    21KB

  • Sample

    240913-jqfxfasckm

  • MD5

    ddfe9ef83f1ea92a6e62610d4eec0888

  • SHA1

    f2e572c4579a24baf79a1147c1e733c5f10b3c3e

  • SHA256

    1f5fcb6ed9683bcff641582942631cfbee74cd8aa40f8da63265edc454e55dbd

  • SHA512

    b6f836725c5d946d6c861faa9cf0ec7bcec3405a96a5beada8988b0bb6bee40ea43da252e1d5558a4fa5a47077496be7f53e1f4745da9f110e6595ca912f75fa

  • SSDEEP

    384:VZJwldSonJ6cZvhDE0mkgS092M6SywYvLDN9oBudT38hIzH92CBbgjhymdGUop50:J65nJbhHmT/bywYXN9LlH8js3Uoz0

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

    • Target

      ddfe9ef83f1ea92a6e62610d4eec0888_JaffaCakes118

    • Mirai

      Mirai is a prevalent Linux botnet family that infects exposed network devices (routers, IP cameras, DVRs), usually by brute-forcing default telnet credentials, and uses them as DDoS capacity.

    • Contacts a large number (62385) of remote hosts

      A count of distinct destinations this high in a short run is characteristic of Mirai's scanner, which sends TCP SYN probes to pseudo-random addresses looking for telnet services, rather than of any legitimate client traffic.

    • Creates a large number of network flows

      Every probe is its own short-lived flow, so the flow count tracks the host count above; together they indicate a network scan to discover remotely reachable services rather than a few long sessions.

    • Modifies watchdog functionality

      Mirai opens /dev/watchdog (or /dev/misc/watchdog) and disables the hardware watchdog with the WDIOC_SETOPTIONS ioctl and the WDIOS_DISABLECARD flag. An embedded device whose watchdog stops being fed would otherwise reboot, and a reboot clears a memory-resident infection, so the bot switches it off first.

    • Enumerates active TCP sockets

      Reads /proc/net/tcp. Mirai's killer module uses it to find sockets in LISTEN state on port 23 (and 22 and 80 when built with those options), resolves each socket inode to a process through /proc/<pid>/fd and kills that process so that neither the legitimate daemon nor a rival bot can hold the port.

    • Enumerates running processes

      Walks /proc/<pid> to discover the processes running on the system. The killer checks each one's executable path and binary contents for markers of competing bots and terminates any it recognises.
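
The socket and process enumeration described above can be reproduced from the defender's side. The following is an added example, not code from the sample or from the sandbox: it parses /proc/net/tcp the way Mirai's killer does (hex-encoded address and port, state 0A for LISTEN, inode in the tenth column), picks out listeners on the ports the killer hunts, and maps each socket inode to its owning PID through the /proc/<pid>/fd symlinks. The /proc/net/tcp rows and the fd-link table are constructed for the demo; live_fd_links() shows how the same table is read from a real /proc, which needs root to see other users' processes.

```python
import os
import socket
import struct

TCP_LISTEN = 0x0A
# Ports that Mirai's killer module hunts for in /proc/net/tcp (telnet always;
# ssh and http when the bot is built with those options) so it can kill the
# daemon holding the port and keep the device for itself.
MIRAI_KILLER_PORTS = {23, 22, 80}

# Constructed /proc/net/tcp contents for the demo (not taken from the sample),
# formatted the way a little-endian Linux host prints them.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11202 1 0000000000000000 100 0 0 10 0
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11203 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:B07A 0A0200C0:0017 01 00000000:00000000 02:000002B8 00000000     0        0 11204 2 0000000000000000 20 4 30 10 -1
"""

# Constructed /proc/<pid>/fd symlink targets (what os.readlink returns there).
SAMPLE_FD_LINKS = {
    412: ["/dev/null", "/dev/null", "socket:[11201]"],   # telnetd
    518: ["/dev/null", "socket:[11202]"],                # cupsd on 631
    733: ["socket:[11203]", "/var/log/httpd.log"],       # httpd
    991: ["socket:[11204]"],                             # outbound telnet client
}


def decode_addr(hexaddr):
    """Turn '0F02000A:B07A' into ('10.0.2.15', 45178).

    The kernel prints the IPv4 address as a 32-bit integer in host byte order,
    so on little-endian machines the octets appear reversed; '<I' undoes that.
    The port is printed big-endian, so plain int(..., 16) is right for it.
    """
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the table into dicts; skips the header line and short lines."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        entries.append({
            "local": decode_addr(fields[1]),
            "remote": decode_addr(fields[2]),
            "state": int(fields[3], 16),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return entries


def find_mirai_killer_targets(text):
    """Return {local_port: inode} for LISTEN sockets on the ports Mirai kills."""
    return {
        e["local"][1]: e["inode"]
        for e in parse_proc_net_tcp(text)
        if e["state"] == TCP_LISTEN and e["local"][1] in MIRAI_KILLER_PORTS
    }


def inode_to_pid(inode, fd_links):
    """Map a socket inode to its owning PID the way the killer does: find the
    process whose fd table contains the 'socket:[inode]' link."""
    needle = "socket:[%d]" % inode
    for pid, links in fd_links.items():
        if needle in links:
            return pid
    return None


def live_fd_links(proc_root="/proc"):
    """Build the same {pid: [link targets]} table from a real /proc.
    Reading other users' fd tables needs root; unreadable ones are skipped."""
    table = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        fd_dir = os.path.join(proc_root, name, "fd")
        try:
            table[int(name)] = [os.readlink(os.path.join(fd_dir, fd))
                                for fd in os.listdir(fd_dir)]
        except OSError:
            continue
    return table


def audit(text, fd_links):
    """[(port, inode, pid)] for services a Mirai infection would try to kill."""
    targets = find_mirai_killer_targets(text)
    return [(port, inode, inode_to_pid(inode, fd_links))
            for port, inode in sorted(targets.items())]


if __name__ == "__main__":
    # On a live box: audit(open("/proc/net/tcp").read(), live_fd_links())
    for port, inode, pid in audit(SAMPLE_PROC_NET_TCP, SAMPLE_FD_LINKS):
        print("port %-4d inode %d pid %s" % (port, inode, pid))
```

Running it against the constructed data reports the telnet and http listeners (ports 23 and 80) with their PIDs; the cups listener on 631 and the established outbound connection to port 23 are ignored, which is exactly the set a Mirai infection would go after on that host. The same audit run before and after a suspected infection shows which daemons the killer removed.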

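The two network signatures (62385 remote hosts, a large number of flows) are what a flow-based detector sees from the outside. The following is an added example, not part of the sandbox report: it builds a constructed flow log in which one host behaves like Mirai's scanner (SYN-only flows to pseudo-random addresses, port 23 with 2323 roughly one time in ten) and one host behaves like an ordinary client, then flags any source that touched at least HOST_THRESHOLD distinct hosts with most of its flows concentrated on a single port. The flow tuple layout, the threshold values and the synthetic addresses are assumptions for the demo.

```python
import random
from collections import defaultdict

# Thresholds are per source over whatever window the flow log covers; tune
# them to the network. 62385 distinct hosts, as in this report, is far beyond
# anything a client device does on its own.
HOST_THRESHOLD = 500      # distinct destination hosts
PORT_CONCENTRATION = 0.8  # share of a source's flows that hit its top port
MIRAI_SCAN_PORTS = {23, 2323}


def synth_flows(seed=1):
    """Constructed flow log (not from the sample): (ts, src, dst, dport, flags).
    One host behaves like Mirai's scanner, one behaves like an ordinary client."""
    rng = random.Random(seed)
    flows = []
    # Scanner: SYN-only flows to pseudo-random addresses, port 23 with 2323
    # roughly one time in ten, the ratio Mirai's scanner uses.
    for i in range(3000):
        dst = "%d.%d.%d.%d" % (rng.randint(1, 223), rng.randint(0, 255),
                               rng.randint(0, 255), rng.randint(1, 254))
        dport = 2323 if rng.random() < 0.1 else 23
        flows.append((i, "10.0.2.15", dst, dport, "S"))
    # Ordinary client: a few destinations, completed handshakes, mixed ports.
    for i in range(40):
        flows.append((i, "10.0.2.20", "192.0.2.%d" % (i % 6 + 1),
                      53 if i % 4 == 0 else 443, "SA"))
    return flows


def detect_scanners(flows, host_threshold=HOST_THRESHOLD,
                    concentration=PORT_CONCENTRATION):
    """Per-source verdicts. A source is flagged as scanning when it touched at
    least host_threshold distinct hosts and most of those flows went to one port."""
    stats = defaultdict(lambda: {"dsts": set(), "ports": defaultdict(int), "n": 0})
    for _ts, src, dst, dport, _flags in flows:
        s = stats[src]
        s["dsts"].add(dst)
        s["ports"][dport] += 1
        s["n"] += 1

    verdicts = {}
    for src, s in stats.items():
        top_port, top_n = max(s["ports"].items(), key=lambda kv: kv[1])
        share = top_n / s["n"]
        verdicts[src] = {
            "distinct_hosts": len(s["dsts"]),
            "top_port": top_port,
            "top_share": round(share, 3),
            "scan": len(s["dsts"]) >= host_threshold and share >= concentration,
            # The 23/2323 pairing is the classic Mirai scanner footprint.
            "mirai_ports": set(s["ports"]) <= MIRAI_SCAN_PORTS,
        }
    return verdicts


if __name__ == "__main__":
    for src, v in detect_scanners(synth_flows()).items():
        print(src, v)
```

The host-count threshold alone would also catch a legitimate crawler or monitoring box, which is why the port-concentration test and the 23/2323 tag are kept separate: a source that trips all three is almost certainly a Mirai-style telnet scanner, a source that trips only the first deserves a look but not an automatic block.
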
MITRE ATT&CK Enterprise v15

Tasks