Extracted

• • Target

    cb4e753cc26a0e011027920436f85b16_JaffaCakes118

  • Size

    31KB

  • MD5

    cb4e753cc26a0e011027920436f85b16

  • SHA1

    2b7698de0235ca245fbe58adfc72b88048d5d9b3

  • SHA256

    8c1cf6d98d34bd8643fd9a4342be0cfd84b12c7ea35b33d3b3b66807b0f7041e

  • SHA512

    aa11ed8f763f1ec3ad2c1be96b0542189901298e8c9afb7c3ab54788b3158574e0d033cb690dae7305f81e2c125f9e824cad0f001a1e591d5e9ce6671696deaf

  • SSDEEP

    768:xha+tXWMLELCROUeMtqF7WVOZbg+1DlmuVD4W1:a+tXTLEeRsMAWmgGhz

  Score

  10^/10

  miraiunstbotnetdefense_evasiondiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (20523) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1