General

  • Target

    077a64cd5c496d4c098cafdcae3c4440

  • Size

    98KB

  • Sample

    231219-2b5w5aaga9

  • MD5

    077a64cd5c496d4c098cafdcae3c4440

  • SHA1

    1feb6dfef4f68c1c77f001c62bcbdc67a816d2fa

  • SHA256

    81616723e7b006ddc1d612b4475b8cdf9b999fe1d1cf5b82d20ff0415d7e9e65

  • SHA512

    5a6cb595af2b30db1c61f34b99955ab43b8d60c7bf65fe2a1feff58b7fd53bf2595420f6fef238d0c0e1e1f440c1bc7876d1aedd824b1eabf7b66d37c4a10807

  • SSDEEP

    3072:he7EqeQUHfPyjRJ9rBFKqk2F1QmqoVcqq6GnQOT:heZyo5Kqk2PQmqoVcqq6GnQOT

Score
10/10

Targets

    • Target

      077a64cd5c496d4c098cafdcae3c4440

    Score
    9/10
    • Contacts a large number (23520) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.
