Extracted

• • Target

    da8826c341e070302a869c73353b8f75_JaffaCakes118

  • Size

    77KB

  • MD5

    da8826c341e070302a869c73353b8f75

  • SHA1

    0e89cb4bf9728a243e3a1cd402fa34c6958b0236

  • SHA256

    3442c748718bea7f31358efa63df7924865b23b70b227ad1369d5f09fca07759

  • SHA512

    5d4b704a1140715207e713717d609fd62710abbd178e952e0a41e065b37cfb96129f4f78ddfee09d3ae70eaa66c92b1ae400ce9b7ed7c21f250b77a97bcea6a8

  • SSDEEP

    1536:G4Z8LUay6+vl/R1KIdysUmR9EiYHXwo31iqTwxjDET8:B6ry6+vdGIdysUKI1iEwpDI8

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (2561) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery
  behavioral1