Extracted

• • Target

    03eece0ed7f82e1c3837a689fed92310

  • Size

    150KB

  • MD5

    03eece0ed7f82e1c3837a689fed92310

  • SHA1

    cbc9ccfe037996e783195046572a14dd6da010d2

  • SHA256

    0e8edef1570f6580923358f110b48049402035b32e20b59895766d2727bbc961

  • SHA512

    7eec579f551fddcbe84345b002407047f0c9e1c12270b00af232caed3551eaa56cc4aaa892bc61a41536e7b7a1cf1675f4f361ea395c975ec5abc8d034d95768

  • SSDEEP

    3072:YfA8x4tQotpnpW4l5BLAgQkexp+5g9JUpjOhmN0sVhpzDkp0rN:OA7Ps4lDAgJI78t+mN0sVhpzDkp0rN

  Score

  9^/10

  discovery

  • Contacts a large (9696) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Changes its process name

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system routing table

    Gets active network interfaces from /proc virtual filesystem.

  behavioral1