General
-
Target
c74dc42bbe440932db0f1d72a2353a02_JaffaCakes118
-
Size
61KB
-
Sample
241205-mqteba1jfy
-
MD5
c74dc42bbe440932db0f1d72a2353a02
-
SHA1
9224e2a0b5e860d6ee3bf3c0658060308f7c2cee
-
SHA256
838128b004b0a6fb943655bae105acc61b2d9370b705e2bdbec330bc514ed442
-
SHA512
e4e20405439b592680ebc3f32489bb827f028f8e41c8d4ef40a616a5b452b20414cf94a48762b72a2978c3f224b41909f12241351639a86a3f1e15dc86557f70
-
SSDEEP
1536:rdZ2PuURL7ORsW38Iva/6pYPqexmtUffQfmX5hT:rdYuU0RD38ipnexl15h
Malware Config
Extracted
mirai
KYTON
Targets
-
-
Target
c74dc42bbe440932db0f1d72a2353a02_JaffaCakes118
-
Size
61KB
-
MD5
c74dc42bbe440932db0f1d72a2353a02
-
SHA1
9224e2a0b5e860d6ee3bf3c0658060308f7c2cee
-
SHA256
838128b004b0a6fb943655bae105acc61b2d9370b705e2bdbec330bc514ed442
-
SHA512
e4e20405439b592680ebc3f32489bb827f028f8e41c8d4ef40a616a5b452b20414cf94a48762b72a2978c3f224b41909f12241351639a86a3f1e15dc86557f70
-
SSDEEP
1536:rdZ2PuURL7ORsW38Iva/6pYPqexmtUffQfmX5hT:rdYuU0RD38ipnexl15h
Score9/10-
Contacts a large (109994) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-