General

  • Target

    JaffaCakes118_a3a2e1b55e4d031fab2e57f28a1f331a3bf33b3bafc84c109aa85a105879dbf7

  • Size

    52KB

  • Sample

    241223-tkhh7atrdr

  • MD5

    5c1a8ac56d0a6065c353ef0aa5ceaef3

  • SHA1

    bd638652072d984c79fc9d912bc959f0540003b3

  • SHA256

    a3a2e1b55e4d031fab2e57f28a1f331a3bf33b3bafc84c109aa85a105879dbf7

  • SHA512

    72c60a53d0acb2c357f9b98d4389e12094726b41805e97b8cd4fe199fa9a28c8b7b7feebf85ef548aecd3540f061fade0667f2f645a040e930203091dd9e82dd

  • SSDEEP

    1536:oGvP7UkW2vfNG3XJSWVjRU3tORvIpi4haPU:oGvFs3XJSORU3t+vEirU

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      22c8f459658d7a9bc41ad39c5491d6013e68a0fd95b6b9d28ccfb84754eabadd

    • Size

      117KB

    • MD5

      1ffc6391cbd14941a6bbf63e99574ba3

    • SHA1

      e0d0ed3bbd07ac82c62b36c90e98306f7e666f16

    • SHA256

      22c8f459658d7a9bc41ad39c5491d6013e68a0fd95b6b9d28ccfb84754eabadd

    • SHA512

      43e739848da6df1d94c7b3fdeb5cf9fe6bbdea5c5acc58c02f875ce1fe6a7dce0615bdd29c72cce2e07067629b69ab84a38def50c96928e4a96f6401d0f35eda

    • SSDEEP

      3072:FQXIXLM947iz8QDvxdEOm/oic4s0au37mM/9HM:eXIY947iYAvxdEOmAio0auCM/9HM

    • Contacts a large (227902) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks