Analysis
-
max time kernel
129s -
max time network
152s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240729-en -
resource tags
-
submitted
18-10-2024 20:47
General
-
Target
594f7d615f4cc27eee8c50b83f66f52d_JaffaCakes118
-
Size
37KB
-
MD5
594f7d615f4cc27eee8c50b83f66f52d
-
SHA1
b1a4e64943664ab7238cdaae5e52a2a3029128ae
-
SHA256
72b4dac6dd3626cd7862190409d712ff87afd628a89f2904ca6a1f24b600c573
-
SHA512
f3e96ea8bf0d76b7e937482def7136dcbbd8704559840e511b0359fef6319a8ed1850d660e1f286e21002643173893cfe6affc109ee03ca924a11d416b20f7b9
-
SSDEEP
768:tygbFSwbUBq2PwiwtQaLK0PboLnlB315HaU0mOxyA4WMk:X/baqmwiwtQafP2B3LLgt
Malware Config
Extracted
mirai
UNSTABLE
saoascnc.duckdns.org
methla.duckdns.org
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (83542) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 2 IoCs
-
Changes its process name 1 IoCs
-
Reads runtime system information 27 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/594f7d615f4cc27eee8c50b83f66f52d_JaffaCakes118/tmp/594f7d615f4cc27eee8c50b83f66f52d_JaffaCakes1181⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name
- Reads runtime system information