General

  • Target

    e9a7737659c8befea16546ab7c9760b0_JaffaCakes118

  • Size

    52KB

  • Sample

    241213-dx5w9aypak

  • MD5

    e9a7737659c8befea16546ab7c9760b0

  • SHA1

    d9771a177fc36dde8930e021ae8cb5be626a2e50

  • SHA256

    9f339f0a9146bb7a083e5f0d0cd0723938c71d0d7593e1ac04944329c1b72241

  • SHA512

    573a5bd31a5c76a1b410de866c35689f74f5e907953d9f66a1cdc2b188d93257b3a2542af634077676e03b43c685df92619484878501a9478f74beca4882373c

  • SSDEEP

    768:DCeXFBIhgrLlv6m1nm3iC0qh/0Y3nXvMcFnPA8e/:DCeXFBIhgnRmSC9MY3nXvrnPA8

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

    • Target

      e9a7737659c8befea16546ab7c9760b0_JaffaCakes118

    • Contacts a large number (70868) of remote hosts

      This may indicate a network scan to discover remotely running services. It is consistent with Mirai's scanner thread, which sends SYNs to pseudo-random public addresses on TCP 23, and on TCP 2323 for roughly one probe in ten, looking for telnet services to brute-force.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services. The flow count is driven by the same scanning loop: each probed address is a separate short-lived flow, so the count scales with the number of hosts contacted.

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog so that it does not reboot the device once the bot stops servicing it. The Mirai source opens /dev/watchdog (or /dev/misc/watchdog) and issues a WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD, which turns the watchdog off; an embedded device that would otherwise reset itself after a hung or killed daemon then stays up with the bot resident.

    • Enumerates active TCP sockets

      Reads /proc/net/tcp from the /proc virtual filesystem. Mirai's killer thread parses the local_address column to find sockets bound to the ports it wants (23, and optionally 22 and 80), then takes the socket inode from the same line to identify the owning process.

    • Enumerates running processes

      Discovers information about currently running processes by walking /proc/<pid>/. Mirai's killer uses this both to resolve socket inodes to PIDs via /proc/<pid>/fd and to find and terminate rival bots, so that the infected device is left bound to this sample alone.
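The two scan-related signatures above are about fan-out: one source touching a very large number of distinct destinations, mostly on the telnet ports. The following is an added example, not part of the sandbox report, showing how to detect that pattern over flow records. The log format (tab-separated src, dst, dport, proto), the thresholds of 100 distinct hosts and a 50% telnet-port share, and all of the sample flows are constructed assumptions; tune the thresholds to your own network's baseline.

```python
"""Fan-out detector for Mirai-style telnet scanning (added example; the flow
records are constructed so the script runs offline)."""
import random
from collections import defaultdict

# Ports Mirai's scanner probes: TCP 23 for most targets, TCP 2323 for about one in ten.
SCAN_PORTS = {23, 2323}


def make_sample_log(seed=1):
    """Construct a synthetic, conn.log-like text: one flow per line,
    tab-separated fields 'src dst dport proto'.  Host 10.0.0.5 plays the
    bot fanning out to 300 random addresses; 10.0.0.7 is an ordinary host."""
    rng = random.Random(seed)
    lines = ["#fields\tsrc\tdst\tdport\tproto"]
    for _ in range(300):
        dst = ".".join(str(rng.randrange(1, 224)) for _ in range(4))
        dport = 2323 if rng.random() < 0.1 else 23
        lines.append(f"10.0.0.5\t{dst}\t{dport}\ttcp")
    for dst, dport in [("10.0.0.1", 53), ("93.184.216.34", 443),
                       ("10.0.0.2", 22), ("10.0.0.3", 445)]:
        lines.append(f"10.0.0.7\t{dst}\t{dport}\ttcp")
    return "\n".join(lines) + "\n"


def parse_flows(text):
    """Yield (src, dst, dport, proto) from the constructed log text,
    skipping blank and '#'-prefixed header lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        src, dst, dport, proto = line.split("\t")
        yield src, dst, int(dport), proto


def fanout(flows):
    """Per source: (number of distinct destinations, share of flows to SCAN_PORTS)."""
    hosts = defaultdict(set)
    scan_hits = defaultdict(int)
    total = defaultdict(int)
    for src, dst, dport, _proto in flows:
        hosts[src].add(dst)
        total[src] += 1
        if dport in SCAN_PORTS:
            scan_hits[src] += 1
    return {src: (len(hosts[src]), scan_hits[src] / total[src]) for src in hosts}


def flag_scanners(text, min_hosts=100, min_scan_share=0.5):
    """Sources that contact at least min_hosts distinct destinations and send at
    least min_scan_share of their flows to telnet ports (assumed thresholds)."""
    stats = fanout(parse_flows(text))
    return sorted(src for src, (n_hosts, share) in stats.items()
                  if n_hosts >= min_hosts and share >= min_scan_share)


if __name__ == "__main__":
    log = make_sample_log()
    for src, (n_hosts, share) in sorted(fanout(parse_flows(log)).items()):
        print(f"{src}: {n_hosts} distinct hosts, telnet share {share:.2f}")
    print("flagged:", flag_scanners(log))
```

Counting distinct destinations rather than raw flows is what separates a scanner from a busy but legitimate host; a web server with many clients has high flow volume but the remote side is the one spreading out, and its traffic is not to port 23 or 2323.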
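The socket- and process-enumeration signatures describe how Mirai's killer locates a listener on a port it wants and finds the PID that owns it. The following is an added example, not the sample's or the sandbox's code, that reimplements that lookup in Python over a constructed copy of /proc/net/tcp and a constructed stand-in for the /proc/<pid>/fd link targets; the inode numbers, PIDs and addresses are assumptions chosen for illustration.

```python
"""Resolve listening ports to owning PIDs the way Mirai's killer does:
parse /proc/net/tcp, then match socket inodes against /proc/<pid>/fd links.
Added example; the /proc text and fd table below are constructed."""
import socket
import struct
from collections import namedtuple

Sock = namedtuple("Sock", "local_ip local_port remote_ip remote_port state inode")

# Constructed /proc/net/tcp contents.  The kernel prints IPv4 addresses as
# 8 hex digits in host (little-endian) byte order and ports as 4 hex digits;
# state 0A is LISTEN, 01 is ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0500000A:A1B2 0100A8C0:0017 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 20 4 30 10 -1
"""

# Constructed stand-in for os.readlink("/proc/<pid>/fd/<n>") results, keyed by PID.
SAMPLE_FD_TABLE = {
    101: ["/dev/null", "socket:[12345]"],            # assumed telnet daemon
    202: ["/var/log/httpd.log", "socket:[12346]"],   # assumed web server
    303: ["socket:[12347]", "pipe:[999]"],           # assumed ssh daemon
    404: ["socket:[12348]"],                         # the bot's own outbound connection
}


def _hex_ip(h):
    """Decode the kernel's little-endian hex IPv4 representation."""
    return socket.inet_ntoa(struct.pack("<I", int(h, 16)))


def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp text into Sock records, skipping the header line."""
    socks = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        lip, lport = fields[1].split(":")
        rip, rport = fields[2].split(":")
        socks.append(Sock(_hex_ip(lip), int(lport, 16), _hex_ip(rip), int(rport, 16),
                          fields[3], int(fields[9])))
    return socks


def listening_ports(socks):
    """Map local port -> socket inode for sockets in LISTEN state."""
    return {s.local_port: s.inode for s in socks if s.state == "0A"}


def owner_pids(fd_table, inodes):
    """Map socket inode -> PID by matching 'socket:[inode]' link targets,
    which is what walking /proc/*/fd gives on a live system."""
    wanted = {f"socket:[{i}]": i for i in inodes}
    return {wanted[t]: pid for pid, targets in fd_table.items() for t in targets if t in wanted}


def killer_targets(text, fd_table, ports=(23, 22, 80)):
    """Which PID owns the listener on each port Mirai's killer goes after.
    Port 23 is always targeted; 22 and 80 only when the corresponding
    rebind options are compiled in."""
    listeners = listening_ports(parse_proc_net_tcp(text))
    owners = owner_pids(fd_table, listeners.values())
    return {p: owners[listeners[p]] for p in ports
            if p in listeners and listeners[p] in owners}


if __name__ == "__main__":
    for sock in parse_proc_net_tcp(SAMPLE_PROC_NET_TCP):
        print(sock)
    print("killer would target:", killer_targets(SAMPLE_PROC_NET_TCP, SAMPLE_FD_TABLE))
```

The same parse is useful defensively: a process that opens /proc/net/tcp and then reads many /proc/<pid>/fd directories in quick succession, followed by a SIGKILL to a daemon holding port 23, is the behaviour the "Enumerates active TCP sockets" and "Enumerates running processes" signatures are keying on.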

MITRE ATT&CK Enterprise v15

Tasks