General

  • Target: d1f5944f115a9c60d1bd269a74ebaef2_JaffaCakes118

  • Size: 77KB

  • Sample: 240907-pxm7zswamn

  • MD5: d1f5944f115a9c60d1bd269a74ebaef2

  • SHA1: 45bc41ec4cb1cf05517e2dfc322875d7eaccadae

  • SHA256: 070890e1ee6d779dc93110a437f42030e34292994d458df9605c75a492d748a9

  • SHA512: 5d5f181a0c0d3bf75afc29ea9b1c23b07802adda028a4a04c23252c583665e58e937b3e616820a5c36d02e24f96c934b0a4717d5e3d6f317d9f941710037fb57

  • SSDEEP: 1536:Ut7Qsr8LKF/JRczgOIVhYhwFsiJ5T6+/y:o7Qsr8L+/4gOe5To

Malware Config

Extracted

  • Family: mirai

  • Botnet: MIRAI

Targets

    • Contacts a large number (86498) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Reads the list of active TCP sockets from the /proc virtual filesystem.
