General

  • Target

    48078197ccaf4f0f136aad740e87a3d4

  • Size

    148KB

  • Sample

    231219-24lc7aadcm

  • MD5

    48078197ccaf4f0f136aad740e87a3d4

  • SHA1

    f9bf4477287b2084f7fc97a194ac31510212626c

  • SHA256

    5b7a98474d0dc338a480ccccd18a35d801c48bd1479d301dcbf333c1ef2d63f3

  • SHA512

    e100a826fc6dc7942d0301e7ac9ebff4f2d8f71a5fc262912d8342b1ff5c3018b537d1d98ef599926414a32fe226854f197cccc9b6baf7a078bf09f684a4f7cc

  • SSDEEP

    3072:16PAeP5TmnsFppXUBOnjArxt6cmNYo7Qs59Hf8GNb:6DJdjhUBeSxt6cmNYo7Qs59Hf8GNb

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

192.168.0.14:80

Targets


    Score
    9/10
    • Contacts a large (197619) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks