Extracted

• • Target

    bcc54fa5dc06b1a8acf76113b60d41ab_JaffaCakes118

  • Size

    156KB

  • MD5

    bcc54fa5dc06b1a8acf76113b60d41ab

  • SHA1

    993c806f9733c4cd19d7b99b467bb491af468d34

  • SHA256

    d93bf003f7684a4335ecb864f31999516f92344dda5f02e8d6030dd7eea5423e

  • SHA512

    f29c37b66a596d106b08af26fb6164ac1e176f002371f18c88054dbefaa7d7b48a17e0a1c253743e25e91e60ae12263b7714eac152203916461d4160610bd287

  • SSDEEP

    3072:uk0Od0Tc9JYH7KAvZ0gtiTWYIaJtLNEPaHWcR83L4zKM/9FZkpImnwjilPsUq:uk0Od0Tc9JYhCgtiTj7JpNEPaDq3L4WK

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (103998) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1