General
-
Target
e884e8dd2780475844393fa822a28bf7_JaffaCakes118
-
Size
29KB
-
Sample
240918-ha1fgaxbld
-
MD5
e884e8dd2780475844393fa822a28bf7
-
SHA1
b54546072e499df3001a9fb37b69ccce780c9eb1
-
SHA256
b77099a55f7ee0531ede97486389682b816b3f7f13b6d67a297d76c334c8875d
-
SHA512
a74c137b52eb3dd44c6b94bec9c3fec2ac75fa20ca34e9839735d77c9dce1c93873017397def3724504eee7fa4cf82a887b07d4b7723725ce48c388c19e68180
-
SSDEEP
384:MaqMzN8f05Rpjk5Yfo2xZUzKmQAHHOvgm0PtsgV9Ju8Uaux7+fqSB+figWbETRIS:VhN8fWlfowmQA3V97FmSBtboMAQRNEB
Malware Config
Extracted
mirai
UNST
Targets
-
-
Target
e884e8dd2780475844393fa822a28bf7_JaffaCakes118
-
Size
29KB
-
MD5
e884e8dd2780475844393fa822a28bf7
-
SHA1
b54546072e499df3001a9fb37b69ccce780c9eb1
-
SHA256
b77099a55f7ee0531ede97486389682b816b3f7f13b6d67a297d76c334c8875d
-
SHA512
a74c137b52eb3dd44c6b94bec9c3fec2ac75fa20ca34e9839735d77c9dce1c93873017397def3724504eee7fa4cf82a887b07d4b7723725ce48c388c19e68180
-
SSDEEP
384:MaqMzN8f05Rpjk5Yfo2xZUzKmQAHHOvgm0PtsgV9Ju8Uaux7+fqSB+figWbETRIS:VhN8fWlfowmQA3V97FmSBtboMAQRNEB
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (20448) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-