Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    13/10/2024, 18:23

General

  • Target

    41604f752316709081102a7a6d2bdd45_JaffaCakes118

  • Size

    46KB

  • MD5

    41604f752316709081102a7a6d2bdd45

  • SHA1

    e9d5ddfb865539002167d80f9638586cc5356b39

  • SHA256

    7b001458fcb463ea2aa1d7f7e0629dc1ae2c868df476e448dca3b0ed6b4e0b52

  • SHA512

    1f0bb27438cd9d47d1dc11ad61c0ca1f931634d33c54d9d27d11e5945323daa9de1de8dce40bba3cf8a0df3ddcccd3baec72e624011158ab0e9efae72ba49683

  • SSDEEP

    768:/iconZIW1jcSfEG8AVbDtgsb0SVW1GVjV9q3UEL3UKQc9V6GIIOeMaP:/FW1jtVtLNVW+EL3Utc9VDvOeMm

Malware Config

Extracted

Family

mirai

Botnet

UNST

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large (220979) number of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/41604f752316709081102a7a6d2bdd45_JaffaCakes118
    • Reads runtime system information
    • Writes file to tmp directory
    PID:660

Network

MITRE ATT&CK Enterprise v15