General

  • Target

    d12964cd01a3ca680f65271c1107fc20_JaffaCakes118

  • Size

    161KB

  • Sample

    241207-hp11js1nbt

  • MD5

    d12964cd01a3ca680f65271c1107fc20

  • SHA1

    fed41824d4c7cbad9fcb0b2a3e50a74799a279c6

  • SHA256

    3cb3b6819574d8250d1465c83e00a86e30cfe218fe4e92c78cdc496a474e981b

  • SHA512

    6c32f87a92e06ce4c32e0f88e7df3dadc7f4750f5822cc0bb3488ef3bf187467d77100969a81e2149db9806c8bfef4b46336286953e55014b37e68075b845034

  • SSDEEP

    3072:ntwaqhLfo81CnBfcJOn0CU86meJhKBdxhBhRhBxxxyVRxBlxoGBIMChLPGQnXLbp:ntwaqhLfo81CnBfcJOn0W6meJhKBdxh7

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      d12964cd01a3ca680f65271c1107fc20_JaffaCakes118

    • Contacts a large number (220369) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
