Analysis
max time kernel: 113s
max time network: 162s
platform: debian-12_armhf
resource: debian12-armhf-20240221-en
resource tags: arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
submitted: 11-12-2024 20:21
Behavioral task: behavioral1
Sample: e3113478dc60ca208801aec1d9043767_JaffaCakes118
Resource: debian12-armhf-20240221-en
General
Target: e3113478dc60ca208801aec1d9043767_JaffaCakes118
Size: 57KB
MD5: e3113478dc60ca208801aec1d9043767
SHA1: ca6027954315f4f646d8fba65ab790c4a2902b4f
SHA256: 120df2cde51a308b0c352a99e5bd5d5f62b8c692a328b128c78d70b32fc2554b
SHA512: 3227b40fbe8d038d26729c7883ad1e565542e4bebd4335b29b768e532dd3a29807cff6ee76377c876c27e9c59c4531df2fe7a5ba57264248c8a5192b341588b2
SSDEEP: 1536:XOZsgTUYDWJVtJ04OD1aQjC/AmIcJESXNYWvvoSXaCu9mzerM:AVTOJVY4ODLAqgE+RBXaB0eA
Malware Config
Extracted
mirai
UNSTABLE
cnc.casualaffinity.net
scan.casualaffinity.net
Signatures
Mirai family
Contacts a large number (157109) of remote hosts (1 TTP)
This may indicate a network scan to discover remotely running services.
Creates a large number of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.
Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system. Both paths below are the kernel watchdog device, and the report records them being opened with write access.
description | ioc | Process
File opened for modification | /dev/watchdog | e3113478dc60ca208801aec1d9043767_JaffaCakes118
File opened for modification | /dev/misc/watchdog | e3113478dc60ca208801aec1d9043767_JaffaCakes118
Writes file to system bin folder (2 IoCs)
These are the usual install paths of a userspace watchdog daemon (busybox places its watchdog applet at /sbin/watchdog); the report records only that the sample opened them for writing.
description | ioc | Process
File opened for modification | /sbin/watchdog | e3113478dc60ca208801aec1d9043767_JaffaCakes118
File opened for modification | /bin/watchdog | e3113478dc60ca208801aec1d9043767_JaffaCakes118
Changes its process name (1 IoC)
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | a | 709 | e3113478dc60ca208801aec1d9043767_JaffaCakes118
description | ioc | Process
File opened for reading | /proc/self/exe | e3113478dc60ca208801aec1d9043767_JaffaCakes118
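The watchdog and process-name signatures above are recorded by the sandbox as file opens and a name change; on a host you would see the same behaviour as syscalls. The script below is an added example, not part of the report or of the sandbox's own logic: it walks strace -f style output and flags a watchdog device opened for writing, a WDIOC_SETOPTIONS ioctl on that same fd (the WDIOS_DISABLECARD mechanism is what the published Mirai source uses; the report itself only shows the open), and a prctl(PR_SET_NAME) rename. The log lines in SAMPLE_LOG are constructed for the example; pid 709 is taken from the report.

```python
"""Flag watchdog tampering and process renaming in strace-style logs.

Added example, not part of the sandbox report. The report records only that
/dev/watchdog and /dev/misc/watchdog were opened for writing and that the
process name became "a"; the syscalls this script keys on (WDIOC_SETOPTIONS
with WDIOS_DISABLECARD on the watchdog fd, prctl(PR_SET_NAME)) are the
mechanisms in the published Mirai source and are assumed here, not shown by
the report. The log lines in SAMPLE_LOG are constructed for the example.
"""
import re

# <linux/watchdog.h>: WDIOC_SETOPTIONS = _IOR('W', 4, int). Derive it the way
# asm-generic/ioctl.h does (dir<<30 | size<<16 | type<<8 | nr) instead of
# pasting in the 0x80045704 magic number that the Mirai source uses.
_IOC_READ = 2


def ior(type_char, nr, size):
    """Python equivalent of the kernel _IOR() macro."""
    return (_IOC_READ << 30) | (size << 16) | (ord(type_char) << 8) | nr


WDIOC_SETOPTIONS = ior("W", 4, 4)   # sizeof(int) == 4
WDIOS_DISABLECARD = 0x0001          # flag that turns the hardware timer off
WATCHDOG_PATHS = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}

# strace -f output: optional leading pid, then the decoded syscall.
OPEN_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?(?:open|openat)\((?:AT_FDCWD,\s*)?"(?P<path>[^"]+)",'
    r'\s*(?P<flags>[A-Z_|]+).*\)\s*=\s*(?P<ret>-?\d+)')
IOCTL_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?ioctl\((?P<fd>\d+),\s*(?P<req>0x[0-9a-fA-F]+|[A-Z_0-9]+),'
    r'\s*(?P<arg>[^)]*)\)\s*=\s*(?P<ret>-?\d+)')
CLOSE_RE = re.compile(r'^(?:(?P<pid>\d+)\s+)?close\((?P<fd>\d+)\)')
PRCTL_RE = re.compile(r'^(?:(?P<pid>\d+)\s+)?prctl\(PR_SET_NAME,\s*"(?P<name>[^"]*)"')


def is_setoptions(req):
    """Accept the symbolic name (strace with watchdog decoding) or the raw number."""
    if req == "WDIOC_SETOPTIONS":
        return True
    return req.startswith("0x") and int(req, 16) == WDIOC_SETOPTIONS


def find_tampering(log_text):
    """Return one finding per suspicious event, in log order."""
    watchdog_fds = {}   # (pid, fd) -> device path while a watchdog device is open
    findings = []
    for line in log_text.splitlines():
        m = OPEN_RE.match(line)
        if m:
            path, flags, ret = m.group("path"), m.group("flags"), int(m.group("ret"))
            if path in WATCHDOG_PATHS and ("O_RDWR" in flags or "O_WRONLY" in flags):
                findings.append({"pid": m.group("pid"), "rule": "watchdog-open-write",
                                 "detail": path, "succeeded": ret >= 0})
                if ret >= 0:
                    watchdog_fds[(m.group("pid"), ret)] = path
            continue
        m = IOCTL_RE.match(line)
        if m:
            key = (m.group("pid"), int(m.group("fd")))
            # Only an ioctl on a watchdog fd of the same process counts; the same
            # request number on an unrelated fd (or after close) is noise.
            if key in watchdog_fds and is_setoptions(m.group("req")):
                decoded = "WDIOS_DISABLECARD" in m.group("arg")
                findings.append({"pid": m.group("pid"), "rule": "watchdog-disable-ioctl",
                                 "detail": watchdog_fds[key] + (
                                     " WDIOS_DISABLECARD" if decoded
                                     else " (flags not decoded by strace)"),
                                 "succeeded": int(m.group("ret")) == 0})
            continue
        m = CLOSE_RE.match(line)
        if m:
            watchdog_fds.pop((m.group("pid"), int(m.group("fd"))), None)
            continue
        m = PRCTL_RE.match(line)
        if m:
            findings.append({"pid": m.group("pid"), "rule": "process-rename",
                             "detail": m.group("name"), "succeeded": True})
    return findings


# Constructed strace -f excerpt (not from the report); pid 709 is the report's pid.
SAMPLE_LOG = """\
709 open("/dev/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)
709 open("/dev/misc/watchdog", O_RDWR) = 3
709 ioctl(3, WDIOC_SETOPTIONS, [WDIOS_DISABLECARD]) = 0
709 close(3) = 0
709 prctl(PR_SET_NAME, "a") = 0
710 openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
710 ioctl(3, TCGETS, 0x7ebfd5a0) = -1 ENOTTY (Inappropriate ioctl for device)
711 open("/dev/watchdog0", O_RDWR) = 4
711 ioctl(4, 0x80045704, 0x7ebfd5a0) = 0
"""

if __name__ == "__main__":
    for finding in find_tampering(SAMPLE_LOG):
        print(finding)
```

The fd is tracked per process so that the request number alone never fires: older strace builds print WDIOC_SETOPTIONS as the raw 0x80045704 and the flags as a pointer, which is why the second finding for pid 711 says the flags were not decoded rather than asserting WDIOS_DISABLECARD.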
cURL User-Agent (64 IoCs)
Uses a User-Agent string associated with the cURL utility. The same string appears on every one of the 64 HTTP flows listed, which makes it a cheap network-side pivot for this sample.
description | ioc | flows
HTTP User-Agent header | curl/7.3.2 | 65725, 91036, 108986, 158137, 1510, 27091, 47999, 53869, 107641, 48012, 16983, 27092, 47995, 77714, 79074, 91032, 121326, 27093, 65739, 83872, 88338, 91031, 89528, 1512, 95747, 108822, 52527, 92544, 102167, 16973, 27266, 85054, 89131, 103159, 18164, 77710, 38161, 89500, 121335, 1504, 16971, 48008, 65720, 83710, 115238, 122520, 3995, 10963, 47831, 49193, 79240, 79242, 88336, 155264, 156055, 31544, 31552, 68952, 107645, 155073, 156328, 44241, 76362, 102123
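The two network signatures in this report (a large number of remote hosts contacted, and the cURL User-Agent on all 64 HTTP flows) reduce to counts over flow records. The script below is an added example, not part of the report or of the sandbox: it computes those counts over a constructed flow table, applies explicit thresholds, and emits a Suricata rule for the static User-Agent. The addresses, the thresholds, the rule text and the sid are assumptions; the only value taken from the report is the string curl/7.3.2.

```python
"""Scan and hard-coded-User-Agent indicators over HTTP flow records.

Added example, not part of the sandbox report. The flow records are
constructed for the example (RFC 1918 / RFC 5737 addresses); the only value
taken from the report is the User-Agent string curl/7.3.2 that it shows on
all 64 HTTP flows. The Suricata rule targets the http.user_agent sticky
buffer of Suricata 5+, and the sid is a placeholder in the local-rule range.
"""
from collections import Counter


def build_sample_flows(scan_hosts=150):
    """Constructed traffic: one flow to each of scan_hosts distinct addresses
    with the static UA, plus two ordinary flows from a browser-like client."""
    flows = [{"flow": 1000 + i, "dst": "10.0.%d.%d" % (i // 256, i % 256),
              "dport": 8080, "ua": "curl/7.3.2"} for i in range(scan_hosts)]
    flows += [{"flow": 5001, "dst": "198.51.100.7", "dport": 443,
               "ua": "Mozilla/5.0 (X11; Linux armv7l)"},
              {"flow": 5002, "dst": "198.51.100.7", "dport": 443,
               "ua": "Mozilla/5.0 (X11; Linux armv7l)"}]
    return flows


def summarize_http_flows(flows):
    """Collapse per-flow records into the numbers the verdicts are made on."""
    if not flows:
        return {"flows": 0, "distinct_hosts": 0, "flows_per_host": 0.0,
                "dominant_ua": None, "dominant_share": 0.0, "ports": []}
    hosts = Counter(f["dst"] for f in flows)
    uas = Counter(f["ua"] for f in flows)
    dominant_ua, dominant_n = uas.most_common(1)[0]
    return {
        "flows": len(flows),
        "distinct_hosts": len(hosts),
        "flows_per_host": len(flows) / len(hosts),
        "dominant_ua": dominant_ua,
        "dominant_share": dominant_n / len(flows),
        "ports": sorted({f["dport"] for f in flows}),
    }


def verdicts(summary, host_threshold=100, min_flows=20, share_threshold=0.9):
    """The two judgements the report makes, with the thresholds made explicit:
    many distinct hosts with about one flow each is service discovery, and one
    UA on nearly every flow (given enough flows) is a hard-coded client string."""
    return {
        "network_scan": (summary["distinct_hosts"] >= host_threshold
                         and summary["flows_per_host"] < 2),
        "static_user_agent": (summary["flows"] >= min_flows
                              and summary["dominant_share"] >= share_threshold),
    }


def suricata_ua_rule(ua, sid, msg="Hard-coded HTTP User-Agent seen across scan flows"):
    """Exact-string UA rule; inside content() the characters ; " \\ and | must be escaped."""
    escaped = ua
    for ch in ("\\", '"', ";", "|"):      # backslash first so it is not re-escaped
        escaped = escaped.replace(ch, "\\" + ch)
    return ('alert http any any -> any any (msg:"%s"; flow:established,to_server; '
            'http.user_agent; content:"%s"; sid:%d; rev:1;)' % (msg, escaped, sid))


if __name__ == "__main__":
    summary = summarize_http_flows(build_sample_flows())
    print(summary)
    print(verdicts(summary))
    print(suricata_ua_rule(summary["dominant_ua"], 1000001))
```

The min_flows floor matters: a single client that happens to send one UA twice is not evidence of anything, whereas 64 flows with the identical string, as in this report, is. The UA rule is a pivot for hunting, not a standalone verdict, since any legitimate curl build can carry a fixed version string.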