Extracted

• • Target

    d5c595df22b46afaf8f896ead38fa10a_JaffaCakes118

  • Size

    77KB

  • MD5

    d5c595df22b46afaf8f896ead38fa10a

  • SHA1

    d1d177f4eee93acc07fa6e94ce9e178a5a67fbab

  • SHA256

    896d50b46f78f4e77f1b250f6084915b213d310d62c8288184b5b2a73aa9004c

  • SHA512

    da596af013f692cb20c808df9d2dd5af4099b2afc9ded85f746d69ea2df9152cb2039e03b16e89389d268b2ea44e87d081bd376a58484ad62eb515e1c79f1d99

  • SSDEEP

    1536:D4Z8VUay6+vl/R1KIdysUmR9EiYHXwHmy8hJfD0xjDET2:E6Zy6+vdGIdysUK8y8hJr0pDI2

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (6878) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery
  behavioral1