General
-
Target
b26095fe4bf9280184486ad20f28f968_JaffaCakes118
-
Size
78KB
-
Sample
241129-tmwtlayqfl
-
MD5
b26095fe4bf9280184486ad20f28f968
-
SHA1
d62e5245e857dfd57fbfb3a40795b41e038990c8
-
SHA256
3ba36ff89bf99503099c951409a0f9d0a357629768cb8f801f1336ff5452db11
-
SHA512
e060ddf2e1f6f1acca5d970f3ad706f092137f357c88d2207ac746286ab7bff94e9b13f5dd16af6e33115cfd6d5d9f570288257f6914b7026e8d8401ac110d75
-
SSDEEP
1536:Bg9bxyWp6hbJd+KzK7h8nh4ftjKUPPOy1u5j3vcy3mY:BMk9JdWpftjKUPGyyj3P
Behavioral task
behavioral1
Sample
b26095fe4bf9280184486ad20f28f968_JaffaCakes118
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
Target
b26095fe4bf9280184486ad20f28f968_JaffaCakes118
-
Score
9/10
-
Contacts a large (102162) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Writes file to system bin folder
-