General

  • Target

    330b1d6a3c3462fa9df92b826c87f39c

  • Size

    29KB

  • Sample

    231219-2vwgsseghp

  • MD5

    330b1d6a3c3462fa9df92b826c87f39c

  • SHA1

    b17b38ced642c86e415cba7627921d44436a33da

  • SHA256

    5f627d422b050d42090d921f82c572b552dfee76a6cc363fa9eadcc71338f888

  • SHA512

    ccda3d68814278b591c35b587b0fc0c0ade4e94eb80032eaa067b938819be36b1a2a0068b82cb96b18fe19ae59071341ac6f6be1c32702a8318ebf1232c89ed3

  • SSDEEP

    768:TFoxdX+IoMKVUfzaP1urxIGyYUzpzAhDxZc+Kmr1s3Uozm:TF2+IoXVeNIlzpzArEzm

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (20996) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks