Analysis
max time kernel: 154s
max time network: 166s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 06-12-2024 05:52
Behavioral task: behavioral1
Sample: cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118
Resource: debian12-mipsel-20240221-en
General
Target: cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118
Size: 32KB
MD5: cb60d56de32e6e0f4d462df6c60238fd
SHA1: b3602d7a5a7d2cda47fd21d24d696179d6ac29a8
SHA256: 7371c735226fecf029ad5cd1529c9fc6e83b98d85fa438a7dd4a374509a08500
SHA512: 4c89bcdaf1a4316badc99be44aa493e4fe9cde43626cf5c6e45c74e48f77281e477cb6850e8a022119364adeecac497260411adef06ee023437e32adb07c0a7f
SSDEEP: 768:HnPNjyTesi5y7i15F6jy076K3LPR2AfBmXaqWEL:HnPNFd5t3M20+6wpqA
Malware Config
Extracted
Family: mirai
Botnet: UNSTABLE
C2: cnctomecutie1337.mikeysyach.xyz
C2: scanthembigbots.mikeysyach.xyz
Signatures
- Mirai family
- Contacts a large (29425) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description | ioc | Process
  File opened for modification | /dev/watchdog | cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118
  File opened for modification | /dev/misc/watchdog | cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118
- Unexpected DNS network traffic destination (22 IoCs)
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
  description | ioc
  Destination IP | 4.0.1.0 (all 22 IoCs are this same address)
- Writes file to system bin folder (2 IoCs)
  description | ioc | Process
  File opened for modification | /sbin/watchdog | cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118
  File opened for modification | /bin/watchdog | cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118
- Changes its process name (1 IoC)
  description | ioc | pid | Process
  Changes the process name, possibly in an attempt to hide itself | a | 741 | cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118