Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    08-10-2024 04:54

General

  • Target

    1faee374d3afa46bbf2f82ef12194b11_JaffaCakes118

  • Size

    30KB

  • MD5

    1faee374d3afa46bbf2f82ef12194b11

  • SHA1

    e75245e2f4c8b756340e7af43283980463127912

  • SHA256

    c7ed8eee515ba6854485dc124f13dd1400c9ee9806da740e54fef04dfa9542ad

  • SHA512

    530e37a544d70e41ef3aa66e67f893d91a1f8ebc909abf6561cee3787b5bb2d8cc95ae4e0d4761dad21e240cf49ce4ab353852abda9401398f80f0d0b29ab172

  • SSDEEP

    384:bJbhzdJvVIB9AtMhZ0gKIll+DHziWlwioHzk5qE3RBParXxrHCfyM7ts0GF/dpyG:bBNKBl0gDMHmWlb5qePabKtjGTw3UP

Malware Config

Extracted

Family

mirai

Botnet

WICKED

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/1faee374d3afa46bbf2f82ef12194b11_JaffaCakes118
    • Reads runtime system information
    PID:647

Network

MITRE ATT&CK Matrix

Downloads

  • memory/647-1-0x00008000-0x00022700-memory.dmp