General

  • Target

    eeb2173d4d249ead85681cd62a53d586_JaffaCakes118

  • Size

    98KB

  • Sample

    240921-ack5kavhnh

  • MD5

    eeb2173d4d249ead85681cd62a53d586

  • SHA1

    1d6645569a472574cb52869d75b2303dd504368b

  • SHA256

    0f14989ef7f864f07371ba68ef8de8f333f235e3d6b312e55f860620b43325b7

  • SHA512

    27f57940eebfcc364a28547cc4e9855a468681ba4b2e49aee2783f7fe5fd16434b2832cad293addc963962602356aa17ac8042a23b6079cc7e19cbc98868da80

  • SSDEEP

    1536:2n2DvOeyCwJM1KmLelEqQWyLbBvqZ1RAkA5:2n2DvOj2RiSvq4

Malware Config

Extracted

Family

mirai

C2

cnc.rapeme.fun

scan.rapeme.fun

Targets

    • Target

      eeb2173d4d249ead85681cd62a53d586_JaffaCakes118

    • Size

      98KB

    • MD5

      eeb2173d4d249ead85681cd62a53d586

    • SHA1

      1d6645569a472574cb52869d75b2303dd504368b

    • SHA256

      0f14989ef7f864f07371ba68ef8de8f333f235e3d6b312e55f860620b43325b7

    • SHA512

      27f57940eebfcc364a28547cc4e9855a468681ba4b2e49aee2783f7fe5fd16434b2832cad293addc963962602356aa17ac8042a23b6079cc7e19cbc98868da80

    • SSDEEP

      1536:2n2DvOeyCwJM1KmLelEqQWyLbBvqZ1RAkA5:2n2DvOj2RiSvq4

    • Contacts a large number (323040) of remote hosts

      This may indicate a network scan to discover remotely running services. For a Mirai-family sample it is the bot's built-in scanner probing random addresses for further devices to infect (classically telnet on 23/2323, with variants adding other services). A distinct-destination count this high from a single host is the network-side signal to alert on.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services. It is the same scanning activity seen from the flow side: every probe is its own short TCP connection attempt, so the flow count grows with the number of hosts tried.

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog so that it cannot reboot an infected device. In the Mirai source this is done by opening /dev/watchdog (or /dev/misc/watchdog) and issuing the WDIOC_SETOPTIONS ioctl (request 0x80045704) with WDIOS_DISABLECARD. Opening the device arms the timer, so the bot switches it off immediately rather than having to keep feeding it while it scans.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem (/proc/net/tcp). Mirai's killer routine parses this table to find sockets bound to the ports it wants for itself (23/tcp telnet, and in many builds 22 and 80), maps the socket inode back to a PID through /proc/<pid>/fd, kills that process, and then binds the port itself so that administrators and competing bots are locked out.

    • Writes file to system bin folder

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. In general this can be used to steal credentials; in Mirai-family samples it is more often the killer routine inspecting other processes (their /proc/<pid>/exe and maps) for strings that identify rival botnets, which it then terminates.
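The two network behaviours in this report, resolution of the extracted C2 names (Malware Config above) and the mass scanning flagged under Targets, are what a defender can hunt for in DNS and flow telemetry. The following is an added example, not code from the sandbox or from the sample: it matches the report's C2 domains against constructed DNS records (subdomain-aware, case and trailing-dot insensitive) and flags sources that fan out to an unusual number of distinct destinations in a sliding window. The tab-separated record layouts are a simplified Zeek-like shape assumed for the example, not real Zeek columns, and all records are constructed.

```python
"""Network-side hunts for this report's two observable behaviours: resolution of
the extracted C2 names (Malware Config) and the mass-scanning signatures (Targets).
Added example, not part of the sandbox report; all log records are constructed."""
from collections import defaultdict

# Copied from the report's Malware Config section.
C2_DOMAINS = {"cnc.rapeme.fun", "scan.rapeme.fun"}

# Constructed DNS records (ts, source host, query); simplified Zeek-like layout,
# not taken from the sandbox run.
DNS_LOG = """\
1726876800.10\t10.0.0.5\tcnc.rapeme.fun.
1726876801.20\t10.0.0.5\tSCAN.RAPEME.FUN
1726876802.30\t10.0.0.9\tupdates.example.com
1726876803.40\t10.0.0.9\tnotrapeme.fun
"""


def normalize_name(name):
    """Strip the trailing dot and case so 'SCAN.RAPEME.FUN' matches the indicator."""
    return name.rstrip(".").lower()


def matches_c2(name, indicators=C2_DOMAINS):
    """True for an indicator or any subdomain of it; 'notrapeme.fun' must not match."""
    n = normalize_name(name)
    return any(n == d or n.endswith("." + d) for d in indicators)


def hunt_c2_dns(log):
    """Return (source host, normalized name) for every query that hits the C2 set."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        _ts, src, query = line.split("\t")
        if matches_c2(query):
            hits.append((src, normalize_name(query)))
    return hits


def build_conn_log():
    """Constructed flow records (ts, src, dst, dport, proto): one host fans out
    probes to 200 distinct addresses on 23/2323, another behaves normally."""
    rows = []
    for i in range(200):
        rows.append(f"{1726876810 + i * 0.01:.2f}\t10.0.0.5\t203.0.113.{i % 254 + 1}"
                    f"\t{23 if i % 2 else 2323}\ttcp")
    for i in range(5):
        rows.append(f"{1726876810 + i:.2f}\t10.0.0.9\t198.51.100.{i % 3 + 1}\t443\ttcp")
    return "\n".join(rows) + "\n"


def find_scanners(conn_log, min_distinct_hosts=100, window_seconds=60):
    """Flag sources whose distinct-destination count inside any window_seconds
    span reaches min_distinct_hosts. The report's 323040 contacted hosts is this
    measure over the whole sandbox run; the sliding window makes it usable on
    live flow data. Returns sorted [(src, peak distinct hosts in a window)]."""
    by_src = defaultdict(list)
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _dport, proto = line.split("\t")
        if proto == "tcp":
            by_src[src].append((float(ts), dst))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        counts, distinct, peak, lo = {}, 0, 0, 0
        for ts, dst in events:
            counts[dst] = counts.get(dst, 0) + 1
            if counts[dst] == 1:
                distinct += 1
            while ts - events[lo][0] > window_seconds:   # expire flows outside the window
                old = events[lo][1]
                counts[old] -= 1
                if counts[old] == 0:
                    distinct -= 1
                lo += 1
            peak = max(peak, distinct)
        if peak >= min_distinct_hosts:
            alerts.append((src, peak))
    return sorted(alerts)


if __name__ == "__main__":
    print(hunt_c2_dns(DNS_LOG))
    print(find_scanners(build_conn_log()))
```

The threshold and window are deliberately parameters: a Mirai scanner reaches hundreds of distinct hosts within seconds, so 100 hosts per minute is conservative, but the same query will also fire on legitimate vulnerability scanners and backup jobs, which should be allow-listed by source rather than by raising the threshold.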
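To make the "Enumerates active TCP sockets" signature concrete, here is a decoder for /proc/net/tcp in the form a Mirai-style killer consumes it, followed by the inode-to-PID step that precedes the kill. This is an added example and not the sample's code or the sandbox's; the table excerpt is constructed, and the address decoding assumes the table was read on a little-endian host (the usual x86/ARM case), where the kernel's hex dump of the in_addr appears byte-reversed.

```python
"""Decode /proc/net/tcp the way a socket-enumerating killer routine reads it.
Added example, not from the sample or the sandbox; the excerpt is constructed."""
import os
import socket
import struct

# Constructed /proc/net/tcp excerpt: telnet (23), ssh (22) and a loopback http (80)
# listener, plus one outbound telnet connection from 10.0.0.5. Not from the sandbox run.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0500000A:A6F2 0D71A8C0:0017 01 00000000:00000000 00:00000000 00000000     0        0 12348 1 0000000000000000 20 4 30 10 -1
"""

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
              "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
              "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING"}


def decode_addr(field):
    """'0100007F:0050' -> ('127.0.0.1', 80). The kernel prints the in_addr as a
    host-order u32, so on a little-endian host the bytes come out reversed;
    '<I' undoes that. The port is plain big-endian hex."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row: local, remote, state, uid, inode."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        parts = line.split()
        if len(parts) < 10:
            continue
        rows.append({
            "local": decode_addr(parts[1]),
            "remote": decode_addr(parts[2]),
            "state": TCP_STATES.get(parts[3], parts[3]),
            "uid": int(parts[7]),
            "inode": int(parts[9]),
        })
    return rows


def listening_ports(text):
    """Local ports in LISTEN state, i.e. the services a killer could target."""
    return sorted({r["local"][1] for r in parse_proc_net_tcp(text) if r["state"] == "LISTEN"})


def sockets_on_ports(text, ports):
    """{inode: port} for sockets bound to the given ports. Mirai's killer does this
    for 23 (and often 22 and 80) before resolving the inode to a PID."""
    return {r["inode"]: r["local"][1]
            for r in parse_proc_net_tcp(text) if r["local"][1] in ports}


def pids_for_inodes(inodes, proc="/proc"):
    """Map socket inodes to owning PIDs by reading /proc/<pid>/fd/* links: the
    step between the table above and the SIGKILL. Linux-only; returns {} elsewhere."""
    found = {}
    if not os.path.isdir(proc):
        return found
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                link = os.readlink(os.path.join(fd_dir, fd))
                if link.startswith("socket:[") and int(link[8:-1]) in inodes:
                    found[int(link[8:-1])] = int(pid)
        except OSError:        # process exited, or not ours to inspect
            continue
    return found


if __name__ == "__main__":
    print(listening_ports(SAMPLE_PROC_NET_TCP))
    print(sockets_on_ports(SAMPLE_PROC_NET_TCP, {22, 23, 80}))
```

Run on a live host, `pids_for_inodes(sockets_on_ports(open("/proc/net/tcp").read(), {22, 23, 80}))` shows exactly which daemons a Mirai infection would have killed; on a suspected-infected device, a telnet listener whose owning PID is the bot rather than telnetd is the tell.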
