General

  • Target

    68adb8713a5568440fb63cd266e96c90

  • Size

    177KB

  • Sample

    231219-3ge4bsagc9

  • MD5

    68adb8713a5568440fb63cd266e96c90

  • SHA1

    3fc8307a4549593090dd0087867ea208c89085c6

  • SHA256

    fa5154b2a19f5d2025bf3c792a467f274f038f90ae8a6d80c920b7ddab8a8dd5

  • SHA512

    a3443ef8018d053d7303e00171b12f09656de16eb9a42c7a432dd3dde61bbd6d809727d8fd3bc84985ccf82b85f720bca4ce0b5c31203769ca67f75ce330f64c

  • SSDEEP

    3072:A7iebZp7lMkuuyuk6dOVRAvh+IY83fryEmRXvaQAxdRiLWkK:AuopC1uv3kRAcIY83/mRXvaQAxdRiLWp

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

127.0.0.1:7547

Note: the extracted C2 is the loopback address, so it is not a network indicator that can be blocked or hunted for on the wire; 7547/tcp is the TR-069 (CWMP) remote-management port exposed by many CPE routers. Treat the real C2 as unresolved in this extraction and confirm it from the sample's strings or from live traffic.

Targets

    • Target

      68adb8713a5568440fb63cd266e96c90

    • Size

      177KB

    • MD5

      68adb8713a5568440fb63cd266e96c90

    • SHA1

      3fc8307a4549593090dd0087867ea208c89085c6

    • SHA256

      fa5154b2a19f5d2025bf3c792a467f274f038f90ae8a6d80c920b7ddab8a8dd5

    • SHA512

      a3443ef8018d053d7303e00171b12f09656de16eb9a42c7a432dd3dde61bbd6d809727d8fd3bc84985ccf82b85f720bca4ce0b5c31203769ca67f75ce330f64c

    • SSDEEP

      3072:A7iebZp7lMkuuyuk6dOVRAvh+IY83fryEmRXvaQAxdRiLWkK:AuopC1uv3kRAcIY83/mRXvaQAxdRiLWp

    Score
    7/10
    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog (typically by opening /dev/watchdog and issuing a disable ioctl) so that the device is not rebooted, which would clear a memory-resident infection.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem (/proc/net/tcp).

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads system routing table

      Reads the kernel routing table from the /proc virtual filesystem (/proc/net/route), which also reveals the active network interfaces and default gateway.
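The two /proc files behind the socket and routing-table signatures above have a compact, host-byte-order hex format. The following parsers are an added example for this report, not the sample's own code: they decode constructed /proc/net/tcp and /proc/net/route content (including a connection to the report's extracted C2 127.0.0.1:7547) into readable endpoints, and give a small hunting helper a responder can point at a live host. The constructed sample text, the helper names and the little-endian byte-order assumption are all this example's own.

```python
"""Parsers for /proc/net/tcp and /proc/net/route, the two files the sample reads.

Added example for this report; not the sample's code. The input below is
constructed so the script runs offline; on a live Linux host read the real
files. Address decoding assumes a little-endian host (x86, ARM-EL, MIPS-EL),
which is the byte order the kernel uses when printing these columns there."""
import socket
import struct
from typing import Dict, List, Tuple

# Socket states as printed in the 'st' column (include/net/tcp_states.h).
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Constructed sample: a telnet listener, a connection to 127.0.0.1:7547, and an
# outbound telnet SYN of the kind a scanning bot produces.
SAMPLE_PROC_NET_TCP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11293 1 0 100 0 0 10 0\n"
    "   1: 0100007F:C34F 0100007F:1D7B 01 00000000:00000000 00:00000000 00000000     0        0 20481 1 0 100 0 0 10 0\n"
    "   2: 0500000A:E1A4 097100CB:0017 02 00000001:00000000 01:00000010 00000000     0        0 20482 1 0 100 0 0 10 0\n"
)
SAMPLE_PROC_NET_ROUTE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0100000A\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "eth0\t0000000A\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
    "wlan0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
)


def _ipv4_from_proc_hex(h: str) -> str:
    """'0100007F' -> '127.0.0.1': the kernel dumps the in_addr in host byte order."""
    return socket.inet_ntoa(struct.pack("<I", int(h, 16)))


def _endpoint(token: str) -> str:
    """'0100007F:1D7B' -> '127.0.0.1:7547' (the port is plain big-endian hex)."""
    addr_hex, port_hex = token.split(":")
    return f"{_ipv4_from_proc_hex(addr_hex)}:{int(port_hex, 16)}"


def parse_proc_net_tcp(text: str) -> List[Dict[str, str]]:
    """One dict per socket row: local, remote, state, uid, inode."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or f[0] == "sl":      # header or truncated line
            continue
        rows.append({
            "local": _endpoint(f[1]),
            "remote": _endpoint(f[2]),
            "state": TCP_STATES.get(int(f[3], 16), f[3]),
            "uid": f[7],
            "inode": f[9],
        })
    return rows


def parse_proc_net_route(text: str) -> List[Dict[str, object]]:
    """One dict per route: iface, destination, gateway, flags, mask."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] == "Iface":
            continue
        rows.append({
            "iface": f[0],
            "destination": _ipv4_from_proc_hex(f[1]),
            "gateway": _ipv4_from_proc_hex(f[2]),
            "flags": int(f[3], 16),          # bit 0 = RTF_UP, bit 1 = RTF_GATEWAY
            "mask": _ipv4_from_proc_hex(f[7]),
        })
    return rows


def active_interfaces(routes: List[Dict[str, object]]) -> List[str]:
    """The interface list a bot derives from the routing table."""
    return sorted({str(r["iface"]) for r in routes})


def default_gateways(routes: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """(iface, gateway) pairs for default routes that carry the GATEWAY flag."""
    return [(str(r["iface"]), str(r["gateway"])) for r in routes
            if r["destination"] == "0.0.0.0" and int(r["flags"]) & 0x2]


def connections_to(sockets: List[Dict[str, str]], endpoint: str) -> List[Dict[str, str]]:
    """Hunting helper: sockets whose remote side is the given 'ip:port'."""
    return [s for s in sockets if s["remote"] == endpoint]


if __name__ == "__main__":
    socks = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for s in socks:
        print(f"{s['local']:>22} -> {s['remote']:<22} {s['state']}")
    routes = parse_proc_net_route(SAMPLE_PROC_NET_ROUTE)
    print("interfaces:", active_interfaces(routes), "default:", default_gateways(routes))
    print("to C2:", connections_to(socks, "127.0.0.1:7547"))
```

On a live host, replace the constructed strings with the contents of /proc/net/tcp and /proc/net/route (and /proc/net/tcp6 for IPv6, which uses a different 128-bit encoding this parser does not handle). Pairing the inode column with /proc/<pid>/fd symlinks is the usual next step to attribute a suspicious socket to a process.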

MITRE ATT&CK Enterprise v15