Extracted

• • Target

    ebc76496f4a778927cc6d314d15d8d78_JaffaCakes118

  • Size

    130KB

  • MD5

    ebc76496f4a778927cc6d314d15d8d78

  • SHA1

    d7e8cb0c64ce62da718266158e5a70bd5f844843

  • SHA256

    fdbddf2ff3afbf687bd145b235cef7435f69ca6ab8fef7c113cdef73d21be7ef

  • SHA512

    38d08553b740025d9fd56e7d29ee6608574a7ee50be29d7b24f28c29af615b1cbcd9ea59d65152dcc714b8e6967ba87ac37c8539d467141b4fb6ce7f552187da

  • SSDEEP

    3072:Nnr9AAFoZChczKk3+RQX2I/2is8oeJxQUUyKeWQgxM/9+Z3:NnpAAFGChczKWUI2es8oeJxdUGWQqM/o

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (49129) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery
  behavioral1