General

  • Target: 9514b18a883acaf9f05b4375f8257345_JaffaCakes118
  • Size: 33KB
  • Sample: 240402-x47h7sbb43
  • MD5: 9514b18a883acaf9f05b4375f8257345
  • SHA1: 964711857be1aab0cd21e57b71f434a3a6b03b79
  • SHA256: b87e540da8be981db21ae0a19def46a0cf76f9166ec155a62117059d4a693502
  • SHA512: ae743846467309ef851ca9b2821c3a32d87bedb2ef904b42e97692631efec1b3679288a3088127d7d1595aa1f026c9df9a3fe3474d071fec42ec683bebaa323f
  • SSDEEP: 384:WdMl/q7QV8NPNli7eH18mwJv3wNduY5DrzjKuvZspvER2khbAtIt8o9hwC/YN8RF:WdP7QV8zlQ/wNdgqZsmXbAXo9mC/acW8

Malware Config

Extracted

  • Family: mirai
  • Botnet: MIRAI

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (20008) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.
