General

  • Target

    e3113478dc60ca208801aec1d9043767_JaffaCakes118

  • Size

    57KB

  • Sample

    241211-y47pms1qbr

  • MD5

    e3113478dc60ca208801aec1d9043767

  • SHA1

    ca6027954315f4f646d8fba65ab790c4a2902b4f

  • SHA256

    120df2cde51a308b0c352a99e5bd5d5f62b8c692a328b128c78d70b32fc2554b

  • SHA512

    3227b40fbe8d038d26729c7883ad1e565542e4bebd4335b29b768e532dd3a29807cff6ee76377c876c27e9c59c4531df2fe7a5ba57264248c8a5192b341588b2

  • SSDEEP

    1536:XOZsgTUYDWJVtJ04OD1aQjC/AmIcJESXNYWvvoSXaCu9mzerM:AVTOJVY4ODLAqgE+RBXaB0eA

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

cnc.casualaffinity.net

scan.casualaffinity.net

Targets

    • Target

      e3113478dc60ca208801aec1d9043767_JaffaCakes118

    • Size

      57KB

    • MD5

      e3113478dc60ca208801aec1d9043767

    • SHA1

      ca6027954315f4f646d8fba65ab790c4a2902b4f

    • SHA256

      120df2cde51a308b0c352a99e5bd5d5f62b8c692a328b128c78d70b32fc2554b

    • SHA512

      3227b40fbe8d038d26729c7883ad1e565542e4bebd4335b29b768e532dd3a29807cff6ee76377c876c27e9c59c4531df2fe7a5ba57264248c8a5192b341588b2

    • SSDEEP

      1536:XOZsgTUYDWJVtJ04OD1aQjC/AmIcJESXNYWvvoSXaCu9mzerM:AVTOJVY4ODLAqgE+RBXaB0eA

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Contacts a large (157109) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks