General

  • Target

    a9f55f5a8b912b37eb511967d4d919d21469b17fc0e10abb42884a8e705890e8

  • Size

    549KB

  • Sample

    221108-jbs88adhb9

  • MD5

    edd7e70f803541a0d29595065d25cac9

  • SHA1

    44d43ff65bbbcec481fde7dffc838e6c6b33b846

  • SHA256

    a9f55f5a8b912b37eb511967d4d919d21469b17fc0e10abb42884a8e705890e8

  • SHA512

    170ef329299d7201850fe845392914245ac679315119f8c5454cb17edc5c0b8af026951e4f6470c7fdaf8333ec1fa68c778d4e2f03e6aed00b48c546868d2405

  • SSDEEP

    12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO

Malware Config

Extracted

Family

xorddos

C2

p4.2019fly.com:21

p4.fly1989.com:21

p1.2019fly.com:80

p1.fly1989.com:53

p4.sb1024.net:443

Targets

    Score
    9/10
    • Writes file to system bin folder

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Writes file to shm directory

      Malware can drop malicious files in the shm directory, which then run directly from RAM.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks