General

  • Target

    003b259b6f830d298aee6b380471564fa37d9e222c6552d383a4138217e36dbf

  • Size

    140KB

  • Sample

    241212-rr8mvaypbr

  • MD5

    2a0b7f16db5aed804c69c300b55412bc

  • SHA1

    ff96a4a08d3a4a08f6fbf31ecf1d2dc2bd8b4806

  • SHA256

    003b259b6f830d298aee6b380471564fa37d9e222c6552d383a4138217e36dbf

  • SHA512

    da0ae71358d3865ad1d4af6c1ce299f91e362cdc8aff466d8e2621b19fad0cef3d775baf3a62bc351a440b54de79cb3cc3463db68179943fa750a9b4cef38d9a

  • SSDEEP

    3072:Pib6EdR0WkEZJYqNopEjuvMuK/U6YQXOaXWZ2M/94/r:WnRpkE73uvMuK//YfaX9M/94/r

Malware Config

Extracted

Family

mirai

C2

cnc.joskekurwa.xyz

Targets

    • Contacts a large number (24005) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
