Analysis

  • max time kernel
    154s
  • max time network
    166s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240221-en
  • resource tags

    arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
  • submitted
    06-12-2024 05:52

General

  • Target

    cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118

  • Size

    32KB

  • MD5

    cb60d56de32e6e0f4d462df6c60238fd

  • SHA1

    b3602d7a5a7d2cda47fd21d24d696179d6ac29a8

  • SHA256

    7371c735226fecf029ad5cd1529c9fc6e83b98d85fa438a7dd4a374509a08500

  • SHA512

    4c89bcdaf1a4316badc99be44aa493e4fe9cde43626cf5c6e45c74e48f77281e477cb6850e8a022119364adeecac497260411adef06ee023437e32adb07c0a7f

  • SSDEEP

    768:HnPNjyTesi5y7i15F6jy076K3LPR2AfBmXaqWEL:HnPNFd5t3M20+6wpqA

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

cnctomecutie1337.mikeysyach.xyz

scanthembigbots.mikeysyach.xyz

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Contacts a large (29425) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Unexpected DNS network traffic destination 22 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs

Processes

  • /tmp/cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118
    /tmp/cb60d56de32e6e0f4d462df6c60238fd_JaffaCakes118
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    PID:741

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads