Extracted

• • Target

    dc8539b02b69890221532b22f4c7edd2_JaffaCakes118

  • Size

    27KB

  • MD5

    dc8539b02b69890221532b22f4c7edd2

  • SHA1

    08e0ce6ebab7d8dbfe602f639cfa07a7f84e7ab5

  • SHA256

    207483a770395918284f4fb515b151d2bb6423d7529c290100cde9cea3351c80

  • SHA512

    0e82206554ed3299a4a7ab6d346ad306b02a056920e82b0ddc695c8386dd05d2c58b7e3e6a644d752b352cf93242ed0d2f1eb07adb82ad614b347ba0108828d6

  • SSDEEP

    768:doz+gJnt5RN1lCYp4P5hu6N6TiFDyqPf/R3F0:Oz1nt5BlCpu9ToDVf/R36

  Score

  10^/10

  miraimiraibotnetdiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Contacts a large (23996) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Changes its process name

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1