Analysis
- max time kernel: 149s
- max time network: 151s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240418-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 12-12-2024 16:58
Behavioral task: behavioral1
- Sample: e760c3ae6a8a16735523e8a299136758_JaffaCakes118
- Resource: debian9-mipsel-20240418-en
General
- Target: e760c3ae6a8a16735523e8a299136758_JaffaCakes118
- Size: 31KB
- MD5: e760c3ae6a8a16735523e8a299136758
- SHA1: e3f8527bb11ebaa747fc0d14d861d90ee5449588
- SHA256: 880805855e0e0920f84f5d177789b399bbc66da9cd2fef1dc90b8b717ec3d908
- SHA512: 3fb1c44cb925caf8b47b99d61fc12a0061b3be392b95fb13c493133c2649c5f18a660816c3232c5db3f0ecc095e405e71c29b4a1cac55534c721fd1a1557ff6e
- SSDEEP: 768:LwmOK8LjpZeRQwb+xob22HTCB+x8MeMTWT:UceZJa+xodCB+SFMq
Malware Config
Extracted
mirai
MIRAI
Signatures
- Mirai family
- Contacts a large (20566) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description | ioc | Process
  File opened for modification | /dev/watchdog | e760c3ae6a8a16735523e8a299136758_JaffaCakes118
  File opened for modification | /dev/misc/watchdog | e760c3ae6a8a16735523e8a299136758_JaffaCakes118
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
  description | ioc | Process
  File opened for reading | /proc/net/tcp | e760c3ae6a8a16735523e8a299136758_JaffaCakes118
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  description | ioc | Process
  File opened for reading | /proc/net/tcp | e760c3ae6a8a16735523e8a299136758_JaffaCakes118