General

  • Target

    JaffaCakes118_f1c441cc7ed3bebb6a67039b21e15fdb711a76fa44c449d27c29ee8290659b86

  • Size

    65KB

  • Sample

    241221-x3qt3axkhw

  • MD5

    24966ba71152736ca0645a90162a4008

  • SHA1

    6e2be3b3145d4dea697acfc8d0c9da658b3d439b

  • SHA256

    f1c441cc7ed3bebb6a67039b21e15fdb711a76fa44c449d27c29ee8290659b86

  • SHA512

    f58ef65bfaf8c5a78a21367ee6b6fa8646441fed7bdd3637353a1f631ba69204470374b184b89107921c6962adc7d8e6126e67ca31db462b6deeb32051e3b46d

  • SSDEEP

    1536:w05TnjhHJDfTUOrifhqiNSMNxeJVSBOoU+G0FeStBlJ4mHGyl5Px:fnVp1rQq8SMNg6Bb/G0DBcmHG4b

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    BOTNET

Targets

    • Target

      b62663f78ed6ac311e8e7f3133ef8702cfb880eff661109659e485c574f3ccc7.elf

    • Size

      144KB

    • MD5

      958d2d0bcc11c017191be1bf310c1b03

    • SHA1

      a6408750603d65ffc176b0ce232d4917ed776194

    • SHA256

      b62663f78ed6ac311e8e7f3133ef8702cfb880eff661109659e485c574f3ccc7

    • SHA512

      2af0abb1d3a71aea0934edfb0267b8a548d1c84968196fbbf466daf215623b1bac0d8641e0d1c746be6ef64cb6ce02355930e5aa47a68c946c4a187b808be063

    • SSDEEP

      3072:dHJsafpCxVoEcameWxaURhK4HVbKbjQzt0oM/9XD4oOp9j:7safmVrcameWxaURM4E3QztfM/9XDLOX

    • Contacts a large (68313) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
