Extracted

• • Target

    djobgbiuie.virus

  • Size

    647KB

  • MD5

    2b083aaf4c29ab9952be58294a5fea6f

  • SHA1

    742cc974582435a39f871a843a1509ee2326dca4

  • SHA256

    ab3c8f59b3b6a17814c71012cfb0cba141fcf1fe7a6fbbeada59023ed5342e67

  • SHA512

    78942fb4e91e9221e4296db70790cca085e2d63c0a10032595b5c72970d34ff9adefe62e056e97e0c63ecfa9aa9bdf7e669a02d81176b1fd7ff280c6663f0862

  • SSDEEP

    12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Tonbp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mb6wvnDWXMN

  Score

  7^/10

  persistence

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies rc script

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Write file to user bin folder

  • Reads runtime system information

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory

    Malware often drops required files in the /tmp directory.

  behavioral1