General
-
Target
Untitled.i
-
Size
83KB
-
Sample
230731-dnyftacd48
-
MD5
b8ed2cb3e9fedec5b164ce84ad5a08d0
-
SHA1
b45ef9ad0a29b0a402d1613b10c3f6e95686230c
-
SHA256
d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a
-
SHA512
98aa6abf6bc6b27ea2833122c468e436c267ef40c5ecbbd6446174d0859920e7b7bbcec617e12d7aa9e89e0492e5dcf4cf49a6208e7252fd0619047818454a31
-
SSDEEP
1536:m3LqE6rUQWzVQR7iAGEcUT5PIi7pLqBNs4LOjcwf4nB6XuzGNy+iSc7tNUZM:mOE6PWo1T5bz4LVMXuzVNScWM
Malware Config
Targets
-
-
Target
Untitled.i
-
Size
83KB
-
MD5
b8ed2cb3e9fedec5b164ce84ad5a08d0
-
SHA1
b45ef9ad0a29b0a402d1613b10c3f6e95686230c
-
SHA256
d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a
-
SHA512
98aa6abf6bc6b27ea2833122c468e436c267ef40c5ecbbd6446174d0859920e7b7bbcec617e12d7aa9e89e0492e5dcf4cf49a6208e7252fd0619047818454a31
-
SSDEEP
1536:m3LqE6rUQWzVQR7iAGEcUT5PIi7pLqBNs4LOjcwf4nB6XuzGNy+iSc7tNUZM:mOE6PWo1T5bz4LVMXuzVNScWM
Score9/10-
Contacts a large (15329) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Deletes itself
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-