General

  • Target

    fff162d6eb360e0c3fe3d9342d180057_JaffaCakes118

  • Size

    31KB

  • Sample

    241219-vztqfawpgv

  • MD5

    fff162d6eb360e0c3fe3d9342d180057

  • SHA1

    afcde80dcdc8b2373c8229453e8153bfda820407

  • SHA256

    dfdce837d9aea9f684bb64dc94d46085576764e481f61f90685fdeccfe8eabce

  • SHA512

    eef3493be805eff2810d089f762b8794c90a6766e10e66ed06db383ec8b7f6ae7747214ed9bc02c9734fbf448d91399d96cc37882d13b1497ae03edc2525ce63

  • SSDEEP

    384:X3fpCLrsjHIX69URc+hmnulY1qHprFKt6zhS45vDajssVwf62nZ+ma39RWGVCz0O:nfpWcehzJFYKgULAssKfbsma3LWx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      fff162d6eb360e0c3fe3d9342d180057_JaffaCakes118

    • Size

      31KB

    • MD5

      fff162d6eb360e0c3fe3d9342d180057

    • SHA1

      afcde80dcdc8b2373c8229453e8153bfda820407

    • SHA256

      dfdce837d9aea9f684bb64dc94d46085576764e481f61f90685fdeccfe8eabce

    • SHA512

      eef3493be805eff2810d089f762b8794c90a6766e10e66ed06db383ec8b7f6ae7747214ed9bc02c9734fbf448d91399d96cc37882d13b1497ae03edc2525ce63

    • SSDEEP

      384:X3fpCLrsjHIX69URc+hmnulY1qHprFKt6zhS45vDajssVwf62nZ+ma39RWGVCz0O:nfpWcehzJFYKgULAssKfbsma3LWx

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Contacts a large (20170) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks