General

  • Target

    3d0340bde46aa7fbf54992940b879edb_JaffaCakes118

  • Size

    28KB

  • Sample

    241013-blr5xawbnj

  • MD5

    3d0340bde46aa7fbf54992940b879edb

  • SHA1

    b7a79deb1a3f059129bbb3b94dd1ee46d4dbe033

  • SHA256

    8b8e7756f6d9723a231a0cce6b9444302173487a80dd9e5f4a0e3886eb3dfe44

  • SHA512

    99c25044b8174c83fcb0e3457ec036109c76f69f85700cb8f6c6b789b63224028084ec432a12113be0eb25121dc604225fe36c34570a7c9b4365c7160787ad11

  • SSDEEP

    768:uK+CrM94ZUwfpV+y1TPS251cXmwTs3UozOB:uu+w5TPxrcXmw+zOB

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (20650) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
