Analysis
max time kernel: 152s
max time network: 163s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 15-12-2024 00:38
Behavioral task
behavioral1
Sample
f179729d93651980c06727ae565f4413_JaffaCakes118
Resource
debian12-mipsel-20240221-en
General
-
Target
f179729d93651980c06727ae565f4413_JaffaCakes118
-
Size
30KB
-
MD5
f179729d93651980c06727ae565f4413
-
SHA1
d58c15ceea23b53a2a089bd75907adc0db819fca
-
SHA256
710f53f52723d47d7595ce0ba4cb1ccf90c7e7146125321753f3fa112cc0baa3
-
SHA512
68255344846adf90413817907e3d3d1e45ead03b3a865516d875fc199653584778ff24e3ea6dee9f37fdf301be7db1ad5d9354c60ea6fc183961d1a080f64e14
-
SSDEEP
768:zygIKfw8EBsLpWEvMW9gvvDM8RY/xdf77WF:Jh3EBsLplvTYTRb
Malware Config
Extracted
mirai
MIRAI
Signatures
-
Mirai family
-
Contacts a large (17971) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | f179729d93651980c06727ae565f4413_JaffaCakes118
File opened for modification | /dev/misc/watchdog | f179729d93651980c06727ae565f4413_JaffaCakes118
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/tcp | f179729d93651980c06727ae565f4413_JaffaCakes118
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/tcp | f179729d93651980c06727ae565f4413_JaffaCakes118