General

  • Target

    367-1-0x00008000-0x00027598-memory.dmp

  • Size

    96KB

  • Sample

    230629-3zcqxsfe97

  • MD5

    abcb0f5ed48b8f0adb7c984ed9fd6853

  • SHA1

    e25919c5e91793eaefad7d1df488964dfae14f8f

  • SHA256

    3e3fc1f451a5846fe9aec489f4f242c11a7b2654b55931d326530456e2dba9f0

  • SHA512

    6c38c4bda6ac2254bae42624c2e9ee24e41b39cc4718a71d515969b451cfb15754775098c5d82a9e30bc84c9125eb603fde268f9ff94959755c79ee70fff232f

  • SSDEEP

    3072:3gr50T4fWX9Uj0kgjUYZlwCT/bsNumaWGCaiEngWB:A50T4fWX9Uj1alwCT/bYu1WGCaVRB

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

    • Target

      367-1-0x00008000-0x00027598-memory.dmp


    Score
    9/10
    • Contacts a large (95920) number of remote hosts

      This may indicate a network scan to discover remotely running services. Together with the flow count below it is consistent with Mirai's scanner module, which probes random IPv4 addresses looking for further devices to infect.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

      Mirai overwrites argv[0] with a random string and sets its thread name with prctl(PR_SET_NAME) so the bot does not stand out in ps output.

    • Modifies Watchdog functionality

      Malware like Mirai opens /dev/watchdog (or /dev/misc/watchdog) and disables the hardware watchdog with the WDIOC_SETOPTIONS ioctl and WDIOS_DISABLECARD. The bot is memory-resident only, so preventing a watchdog reboot is what keeps the infection alive.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem (/proc/net/tcp). Mirai's killer module uses this to find processes listening on the telnet, SSH and HTTP ports, resolves the owning process by matching the socket inode under /proc/<pid>/fd, and kills it to lock out competing bots and administrators.

    • Writes file to system bin folder
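Two of the behaviours flagged above, socket enumeration through /proc/net/tcp and the high fan-out scan, can be checked with a small script. The following is an added example, not code from the sandbox report or from the sample: it parses a constructed /proc/net/tcp excerpt in the kernel's native-endian hex layout, lists the listeners a Mirai killer would go after (the port set 22, 23 and 80 comes from the leaked Mirai source), and counts distinct destination hosts per source over a constructed flow list. The sample lines, the flow list, the little-endian assumption and the 1000-host threshold are illustrative assumptions.

```python
"""Added example (not part of the sandbox report): parse /proc/net/tcp the way
Mirai's killer does, list the listeners it would target, and flag scan-like
fan-out in a flow list."""
import socket
import struct

# TCP state codes as printed in /proc/net/tcp (include/net/tcp_states.h)
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Ports the Mirai killer module looks for (telnet, ssh, http), from the leaked source
KILLER_PORTS = {23, 22, 80}

# Constructed /proc/net/tcp excerpt (little-endian host), NOT captured from the sandbox run
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:9C40 0501A8C0:0017 01 00000000:00000000 00:00000000 00000000     0        0 12348 1 0000000000000000 20 4 30 10 -1
"""


def parse_addr(hex_addr):
    """Decode 'AABBCCDD:PPPP'. The kernel prints the IPv4 address as a
    native-endian 32-bit word, so on a little-endian host the bytes are reversed."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))  # assumption: little-endian host
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket line; the header line is skipped."""
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        local = parse_addr(fields[1])
        remote = parse_addr(fields[2])
        sockets.append({
            "local": local,
            "remote": remote,
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            "inode": int(fields[9]),  # matched against /proc/<pid>/fd/* symlinks to find the owner
        })
    return sockets


def killer_targets(sockets):
    """(port, inode) pairs for LISTEN sockets on the ports Mirai's killer scans for."""
    return sorted(
        (s["local"][1], s["inode"])
        for s in sockets
        if s["state"] == "LISTEN" and s["local"][1] in KILLER_PORTS
    )


def scan_fanout(flows, threshold=1000):
    """flows: iterable of (src_ip, dst_ip, dst_port). Returns {src: distinct dst
    count} for every source that talked to at least `threshold` distinct hosts,
    the pattern behind the 'contacts a large number of remote hosts' signature."""
    targets = {}
    for src, dst, _dport in flows:
        targets.setdefault(src, set()).add(dst)
    return {src: len(d) for src, d in targets.items() if len(d) >= threshold}


def constructed_flows():
    """Constructed flow records: 1500 telnet probes from one host to distinct
    addresses, plus repeated HTTPS traffic from a benign host."""
    flows = [("10.0.2.15", f"100.{(i >> 8) & 0xFF}.{i & 0xFF}.{(i * 7) & 0xFF}", 23)
             for i in range(1500)]
    flows += [("10.0.2.20", "93.184.216.34", 443)] * 50
    return flows


if __name__ == "__main__":
    socks = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for s in socks:
        print(s)
    print("killer would target:", killer_targets(socks))
    print("scan-like sources:", scan_fanout(constructed_flows()))
```

On a live host the same parser can be pointed at the real /proc/net/tcp (and /proc/net/tcp6) to see which listeners a bot would kill, and the inode column is what ties a socket back to a PID via /proc/<pid>/fd.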
