Extracted

• • Target

    53ac5db7193d6ed312ad2cbc93a6f28e

  • Size

    52KB

  • MD5

    53ac5db7193d6ed312ad2cbc93a6f28e

  • SHA1

    84a8c92eeea83d1647abddb99451225cf633cdf2

  • SHA256

    2184aeb184d016c63494b99e4abdc0201e29ac054c1883cdd942082b1eef4cba

  • SHA512

    92f6e6ff89d927eeeb357ddfbeb017cb55f941eb37f0594bf1ce4ed2ee6d72b1ad17f4c9110435dc6fbee93ebb1529bd765cce7da26761c36d0e5eb7ad715109

  • SSDEEP

    1536:hOIlMtSFSIhqUXKpdhi41Hf/ZVI9Lv8WHW:hOmMoBlapbief/ZgLFW

  Score

  10^/10

  miraiunstbotnetdiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Contacts a large (20126) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1