Extracted

• • Target

    e915d74b3be15a0e0d4acb71f79a7274_JaffaCakes118

  • Size

    31KB

  • MD5

    e915d74b3be15a0e0d4acb71f79a7274

  • SHA1

    710b6273586fc15f2fe641271169d2b4d6497c7f

  • SHA256

    608bf33b8c42ea5d885258aa5e5efe140ba60661faaf8f9a842ab61f9789aef4

  • SHA512

    1307c7dd702d1a2e2f5c34b541f99d5faafedd4211f6ee0cc61ed6900ca719482ebecd9625871d04cf81e62752c4563af9ea2867fd0a9a4da658fbe96ce48ac1

  • SSDEEP

    768:Xha+tXWMLELCROUm7thWum+scLnogFWq8w3cARKVDQWx:A+tXTLEeRw7tlBrow8w3cBhb

  Score

  10^/10

  miraiunstbotnetdefense_evasiondiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (20360) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1