General
-
Target
e1c970af6d0cd574cb68b57585fd8854_JaffaCakes118
-
Size
140KB
-
Sample
241211-rbsxfsvqdy
-
MD5
e1c970af6d0cd574cb68b57585fd8854
-
SHA1
05d306f5b359e67a0bda02c2660eaaef1e06234f
-
SHA256
87334783de5e1e3ad5c76d65b7c48e7b38a9a19ca8fbc178752f7f47e7749478
-
SHA512
2419da2e5a3d57ac78f320694e9c9aa735dfa6bed83ec0d4b667f3a6943080759edc13f0ea495019dfa7e525022537c9aa38dceddbc97e001dc399cccde7699c
-
SSDEEP
3072:Pib6EdR0WkE1JYqNoN6juvMuK/U6YQX4aXWZ2M/94/r:WnRpkE/VuvMuK//Y5aX9M/94/r
Behavioral task
behavioral1
Sample
e1c970af6d0cd574cb68b57585fd8854_JaffaCakes118
Resource
debian9-armhf-20240611-en
Malware Config
Targets
-
Target
e1c970af6d0cd574cb68b57585fd8854_JaffaCakes118
-
Score
9/10
-
Contacts a large (23187) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-