General

  • Target

    613-1-0x0000000008048000-0x000000000805aca0-memory.dmp

  • Size

    69KB

  • Sample

    230530-nghrwshe81

  • MD5

    c11da1566789c535e58c205c2d44b93f

  • SHA1

    69d9448b12b99640b93eca87ef4c8bc40d275ca2

  • SHA256

    837bddc445b82a5137d12a8b59b8ffc9b7cb539f8d1f08bc456f2b6dbd5b70b9

  • SHA512

    c119c0b09053fa4385f39b8365d5f99bb5965094f6091647d7fed1285926141032c8dc29498a945028d1007f93211c35ee4227926b566ab6b77bc124bb4b9900

  • SSDEEP

    1536:Ir8rDf545pEKvVC8bTGvTASW6L/6iZt58HPiatsT:Ir8rDf541vYoTGvTASWk/3ZL8HaGsT

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    MIRAI

Targets

    • Target

      613-1-0x0000000008048000-0x000000000805aca0-memory.dmp

    • Score

      9/10

    • Contacts a large number (20151) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
