Extracted

• • Target

    8629dcac030a30891848d1c42d65b7ef

  • Size

    573KB

  • MD5

    8629dcac030a30891848d1c42d65b7ef

  • SHA1

    e25f950d7deb39639eb39322bed9b1f6e259ff7d

  • SHA256

    79fbccdd13c18356ec8db2de02289fa3dee6b9f8c6ea4576543984439de0eb47

  • SHA512

    ea5cba6f7110e88ad423317f7878eb0515e41d4cedf7a4bae02e7c862abd669539011d3336cdb532f1db33efeea6cc5118d9c3bd0685b3d153143ee19055c0c7

  • SSDEEP

    12288:KzdIqiPzRCmzDWr2YZRMjE0ez34kLJGRuk6rpKbu72Ogm6YQ2VVwHe876/+ZVUTZ:vzmibKf

  Score

  9^/10

  discovery

  • Contacts a large (1479737) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Changes its process name

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1