Extracted

• • Target

    c25de801216e50b63b4ca50e1fdfbff1

  • Size

    30KB

  • MD5

    c25de801216e50b63b4ca50e1fdfbff1

  • SHA1

    8ceba64c58c9275e103128e02a75bd752153539f

  • SHA256

    fc8919dba6903af959a78e3b42e4b1d4805b52a092049697e63cc55dc7c70872

  • SHA512

    55991cc75c3f6983ddee8237469c9841f690d6def696a356e3994edca0d93b9d052f036d3cfdc80599330f1595c8e8cd56f2559595b4a3603da8d161322b1fdd

  • SSDEEP

    768:/yvYLznDEB2iC+sDqC6NtxsfzxPnNsGb8yrXAJgGlzDpbuR1Jc:GYnnDEBI+smATf8fVJum

  Score

  10^/10

  mirailzrdbotnetdiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Contacts a large (20651) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1