General
-
Target
0308738cff29f91bc4e9e2831a6605ae
-
Size
119KB
-
Sample
231219-2ae93saad3
-
MD5
0308738cff29f91bc4e9e2831a6605ae
-
SHA1
8ed0187dcc41d92059afe88cecf2d9e917f24775
-
SHA256
5fd664085bb2e927c6d93007083710eaad24786b849d8be382f8e0d059956940
-
SHA512
3e334b66141989cf4a40a27ced6f0fe0e8cc732bcf4fca2a31fc4317853c364022ea2c4db19d20728892d3c12a6f300c14116b48cff6841810febdb0425cbdff
-
SSDEEP
3072:y15qz+kA1g7Rwtfn6/YOsniwDLvzBdtmNl1VhbaRklkNb:y1l1TR6/Yzi8jtmNl1VhbaRklkNb
Behavioral task
behavioral1
Sample
0308738cff29f91bc4e9e2831a6605ae
Resource
ubuntu1804-amd64-20231215-en
Malware Config
Targets
-
-
Target
0308738cff29f91bc4e9e2831a6605ae
Score
9/10
-
Contacts a large (23366) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-