General
-
Target
38279ab305356f554dd52a24142987dc.zip
-
Size
131KB
-
Sample
240902-dg65da1cle
-
MD5
2e00fe647de8aacc5796c08f37045db2
-
SHA1
d3be101c47fbfbc298fea2b39fad54dc1944aa17
-
SHA256
fa8d0bc82fd7bc7bf9ca99c7da75848cba928ce2f43e55dcb31318401b0ea81b
-
SHA512
3e9010198073d5677c09df3e1444e754423ba8515f8e15a32066b30e229b996a114321f82608dda1003c745dc3c263272b1bdf7ece831d974289ce3cc63f6989
-
SSDEEP
3072:IjDYlr2sJsQNhqMobj4a543GTA5KR73vdXOBVNSdwviAwpgcYy6hv:IjDYl5stbU3Wq6dOPZiAYad
Malware Config
Targets
-
-
Target
2d9c39868c9843142a2429b5c5af85f194c93f147820d32f85146041b61d2f5a
-
Size
300KB
-
MD5
38279ab305356f554dd52a24142987dc
-
SHA1
aa799d3b55271548a65351e04b2bfb1e9fdc8c5d
-
SHA256
2d9c39868c9843142a2429b5c5af85f194c93f147820d32f85146041b61d2f5a
-
SHA512
fdc3227268b2eacff0378886e4560065df2cf0a6d4b7921c7a0a48ca9d37742e1f918620f001f3a940c70e9558e8741a76ff3931edefc1fa8a98d10fde14e89f
-
SSDEEP
3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xioW:p3lOYoaja8xzx/0wsxzSif
Score9/10-
Contacts a large (8665) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Patched UPX-packed file
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Writes file to system bin folder
-