General

  • Target

    ffec54e5cc324a79bc21a24ea6b8d94c_JaffaCakes118

  • Size

    70KB

  • Sample

    240930-eml7tsxbpm

  • MD5

    ffec54e5cc324a79bc21a24ea6b8d94c

  • SHA1

    92bd376c08da790294f6370d341e7d681e3bcc7e

  • SHA256

    bdcc03c6af7a46a800fcacab2cd8dd02a8e6f3552d13b2fb390e5d00ab1d935f

  • SHA512

    f0e8ecf26797b2ac80d06ac231094b559ed6ff1b4e2c10cf8acf35ee8c165a404baad6c18b36423540ac3f925ff901e52bfd34ea3c9288cd287ceb72ab6b9362

  • SSDEEP

    1536:H+sno/NCLUPFOVgVmixQfVyNmL9UCNJLqL1nDTn:esno/NCWFAiOLs5n

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      ffec54e5cc324a79bc21a24ea6b8d94c_JaffaCakes118

    • Contacts a large number (3860) of remote hosts

      This may indicate a network scan to discover remotely running services. Mirai's scanner module probes random public IPv4 addresses on the telnet ports (TCP/23, and TCP/2323 for a fraction of probes) and tries a built-in credential list against hosts that answer; thousands of distinct destinations from one device in a short window, almost all on the same port, is the pattern to look for in flow data.

    • Deletes itself

      Mirai unlinks its own executable shortly after starting, so the bot survives only as a running process in memory and a file-system search of the device will not find the binary.

    • Modifies Watchdog functionality

      Malware like Mirai opens /dev/watchdog (or /dev/misc/watchdog) and disables the hardware watchdog with an ioctl (WDIOC_SETOPTIONS with WDIOS_DISABLECARD). Without this, the watchdog would reboot the device once the bot's scanning and flooding make it unresponsive, and a reboot clears the infection because the bot lives only in memory.

    • Enumerates active TCP sockets

      Reads the socket table from the /proc virtual filesystem (/proc/net/tcp). Mirai's killer module uses it to find sockets bound to TCP/23 (and, depending on build options, TCP/22 and TCP/80), terminates the owning processes and binds the port itself so that rival bots and administrators can no longer reach the device over those services.

    • Enumerates running processes

      Walks /proc/<pid>/ to discover the processes running on the system. The killer module resolves each process's exe link, scans the executable it points to for byte signatures of rival botnet binaries, and kills any match that is not the bot itself.
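
The two enumeration signatures above describe the same /proc data a responder reads when triaging a device. The following is an added example, not code from the report or from the Mirai source: it parses the /proc/net/tcp format, maps socket inodes back to PIDs through /proc/<pid>/fd links, and lists which processes hold the ports the killer module goes after. The sample socket table, the fd-link dictionary and the PIDs are constructed inputs so the example runs offline; collect_live_fd_links() is an assumed helper for running it against a real Linux host.

```python
"""Parse /proc/net/tcp and attribute listening sockets to processes."""
import os
import socket
import struct
from typing import Dict, Iterable, List, NamedTuple, Tuple

# Constructed sample of /proc/net/tcp: a telnet listener, an HTTP listener on
# loopback, and one established connection outbound to a remote telnet port.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0200000A:A1B2 057100CB:0017 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
"""

# Constructed readlink() results for /proc/<pid>/fd/*, keyed by PID.
SAMPLE_FD_LINKS = {
    812: ["/dev/null", "socket:[12345]"],
    1340: ["socket:[12346]", "/var/log/httpd.log"],
    2000: ["pipe:[77]"],
}

TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # subset used here

# Ports Mirai's killer module checks: 23 always, 22 and 80 with build options.
KILLER_PORTS = (23, 22, 80)


class TcpEntry(NamedTuple):
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    inode: int


def _decode_addr(field: str) -> Tuple[str, int]:
    """Decode 'AABBCCDD:PPPP' from /proc/net/tcp into (dotted IP, port)."""
    addr_hex, port_hex = field.split(":")
    # The address is printed in host byte order, so on a little-endian host
    # 0100007F is 127.0.0.1; the port is plain big-endian hex.
    packed = struct.pack("<I", int(addr_hex, 16))
    return socket.inet_ntoa(packed), int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[TcpEntry]:
    """Parse the text of /proc/net/tcp into TcpEntry records."""
    entries = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        lip, lport = _decode_addr(fields[1])
        rip, rport = _decode_addr(fields[2])
        state = TCP_STATES.get(fields[3], fields[3])
        entries.append(TcpEntry(lip, lport, rip, rport, state, int(fields[9])))
    return entries


def map_socket_inodes(fd_links: Dict[int, Iterable[str]]) -> Dict[int, int]:
    """Turn {pid: [readlink targets]} into {socket inode: pid}."""
    inode_to_pid = {}
    for pid, links in fd_links.items():
        for link in links:
            if link.startswith("socket:[") and link.endswith("]"):
                inode_to_pid[int(link[len("socket:["):-1])] = pid
    return inode_to_pid


def find_listeners(entries: List[TcpEntry], inode_to_pid: Dict[int, int],
                   ports: Iterable[int] = KILLER_PORTS) -> List[Tuple[int, int]]:
    """Return (port, pid) for LISTEN sockets on the given ports, in table order."""
    wanted = set(ports)
    return [(e.local_port, inode_to_pid.get(e.inode, -1))
            for e in entries if e.state == "LISTEN" and e.local_port in wanted]


def collect_live_fd_links() -> Dict[int, List[str]]:
    """Assumed helper: gather /proc/<pid>/fd links on a real Linux host."""
    links: Dict[int, List[str]] = {}
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        fd_dir = f"/proc/{name}/fd"
        try:
            links[int(name)] = [os.readlink(f"{fd_dir}/{fd}") for fd in os.listdir(fd_dir)]
        except OSError:
            continue  # process exited or permission denied; skip it
    return links


if __name__ == "__main__":
    table = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for port, pid in find_listeners(table, map_socket_inodes(SAMPLE_FD_LINKS)):
        print(f"port {port} held by pid {pid}")
```

On a live host replace the two constructed inputs with open("/proc/net/tcp").read() and collect_live_fd_links(); a listener on 23 owned by a process whose /proc/<pid>/exe link reports "(deleted)" is the combination of the self-deletion and port-rebinding behaviours described above.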

MITRE ATT&CK Enterprise v15

Tasks