Analysis
-
max time kernel
153s -
max time network
163s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240221-en -
resource tags
-
submitted
02/12/2024, 18:19
General
-
Target
b989be97b721b0ca5b52a8c5cc98171b_JaffaCakes118
-
Size
31KB
-
MD5
b989be97b721b0ca5b52a8c5cc98171b
-
SHA1
de4b2b1d44ff21a355bcdd4c7f0f1b76ccc4c41e
-
SHA256
c845d69bc40db859c8f1bca255746b71ac59832fccade5495b8fc959ee31b332
-
SHA512
3162097b273176ad4f2b8adc694d17b7179879d1c9d94e1757474dc8a1f8c9702835b6f6d28ca8507b606f192e7997cb32140d6bcda8801e05af3faccfd82a59
-
SSDEEP
768:gaE/SE6PLCQWy58+K+3AHK5VokPrm+AAFGiRzWUrXF7qWV:KSPLCtSiK5VokzP3zjTFp
Malware Config
Extracted
mirai
LZRD
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (19516) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 41 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/b989be97b721b0ca5b52a8c5cc98171b_JaffaCakes118/tmp/b989be97b721b0ca5b52a8c5cc98171b_JaffaCakes1181⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information