General

  • Target

    00ca5d3a1dba28ade7b0a82ecc021d36

  • Size

    142KB

  • Sample

    231219-19t2vaeehm

  • MD5

    00ca5d3a1dba28ade7b0a82ecc021d36

  • SHA1

    ffaadf403ad7d4796f77d5e2f216c8d98bf4560d

  • SHA256

    2882586d81f1e4e247e17e057a93203cfaa130d5f3049268b4a49eb6b947dd41

  • SHA512

    7f953f03792cbeb85dfdda357903fee0a4159ecdcd1c936be481d6ebf5b66f339c8af8e5a055ea5207f8d796da3870314e0de6c41e94a81754c02d9b3cf6b5c1

  • SSDEEP

    3072:pZtDFK15gF72ljgvr7RD9mrsplDKZUyQBKXAVaneX+F8JyveQhL1Ag2vGIYSuVF3:pZtDFK15gF72ljgvr9D9mrsplDKZUyQY

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      00ca5d3a1dba28ade7b0a82ecc021d36

    Score
    9/10
    • Contacts a large (20126) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
