Extracted

• • Target

    6059162cbc124837b2ec0c1e7c9ffcabe3b8f3a0d37ed85dd2c1df95a7731d18

  • Size

    647KB

  • MD5

    30a40fa230165defa421615ab9cfae20

  • SHA1

    3d9f11764e0a479361117749211295d8aa2626da

  • SHA256

    6059162cbc124837b2ec0c1e7c9ffcabe3b8f3a0d37ed85dd2c1df95a7731d18

  • SHA512

    cedcf09cf55c4aa554321814278f6dc8c2e883a228c766833b3d2aa22c5b1d5f72e1aeced3fe671a0247d08b6ea51765362934db3987153c82ccbe5ed36457c1

  • SSDEEP

    12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1TonTp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mT6wvnDWXMN

  Score

  7^/10

  persistence

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies rc script

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Write file to user bin folder

  • Reads runtime system information

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory

    Malware often drops required files in the /tmp directory.

  behavioral1