General
-
Target
IObeENwjmpsl
-
Size
271KB
-
Sample
240201-sh9n8aacal
-
MD5
03f35fb6d8beec93811a1a910d4abea2
-
SHA1
020f7e8564e157cf5d5b10ebe68b01ab5844e984
-
SHA256
2eadae302691a04c76a35450d89f6bb4b9ce1f3f01d811cd4c0b4013d698cc84
-
SHA512
14fc913a2234f4ced0804971fc987dca0bcd6becd3732391ed60b22472025d2c30df510ee129c823223e214caa1148301ddd240bd07ea6fe4decd9ae8eaa53fb
-
SSDEEP
6144:9NVVeGIMLGZAH7Q6aWb1tmv1iKGAMP80bjm:uAH7QBWBcv1iKGAMP80/m
Behavioral task
behavioral1
Sample
IObeENwjmpsl
Resource
debian9-mipsel-20231221-en
Malware Config
Extracted
gafgyt
239.255.255.250:1900
Targets
Target
IObeENwjmpsl
-
Score
9/10
-
Contacts a large (392036) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-