Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf image:debian9-armhf-20240729-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    13/10/2024, 17:54

General

  • Target

    41445aa60caae0ce06989005d2158f82_JaffaCakes118

  • Size

    66KB

  • MD5

    41445aa60caae0ce06989005d2158f82

  • SHA1

    035c0870ce17a1d11b98461d80e47ba960c59ec3

  • SHA256

    833f944e82b4d95d95f42c82e6fa01ea1f635b753338d8f88fcf1e8a9f6ae1df

  • SHA512

    5cd7aa63aaf7cfabbba00bcdd37111da7e0acb492a69e08478933c9799aea999ea4755d0a28ea15fc3981d5f338bddcd13508ba28c6a0b0bd868c95baa71cb57

  • SSDEEP

    1536:vVo7DPL4KwGpgLb1/YmEI0Kd1jy1D86ucvcrgS44LS0XCwjBaOr5wm9dqc:+LL4KhpSpgtUbjy1DAgSXL9aOrn

Score
10/10

Malware Config

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/41445aa60caae0ce06989005d2158f82_JaffaCakes118
    /tmp/41445aa60caae0ce06989005d2158f82_JaffaCakes118
    • Reads runtime system information
    PID:646
    • /bin/sh
      /bin/sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP"
      PID:647
      • /sbin/iptables
        iptables -A INPUT -p tcp --destination-port 23 -j DROP
        PID:648
    • /bin/sh
      /bin/sh -c "iptables -A INPUT -p tcp --destination-port 37215 -j DROP"
      PID:659
      • /sbin/iptables
        iptables -A INPUT -p tcp --destination-port 37215 -j DROP
        PID:661

Network

MITRE ATT&CK Matrix