General

  • Target

    651-1-0x00008000-0x000298d4-memory.dmp

  • Size

    89KB

  • Sample

    241227-dpv23s1kgm

  • MD5

    f6ed8df99d5a07a2f21938f1dd2b0b76

  • SHA1

    c56020ac4566a69ce024954b38b3962dc9153c84

  • SHA256

    f5d3a99ba58bf59bd036c7988869dac289844a5a678ef899b9c63ae775a81dba

  • SHA512

    f839238ebc61563f45f542029e3a3c6c5bad57ca7f4019351647178105a517cd644a1e6bef3bf5e40d5db2be7a531e33c99f4df7b123c0b055a28166b3d7903d

  • SSDEEP

    1536:QVnumUlw4IqOIQAg5WAbiSYqCi9mrsplDKZUTQBKXAVan0X+F8Jyvk4AHx7uzVL7:jmKgAIWOtYqj9mrsplDKZUTQBKXAVanJ

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      651-1-0x00008000-0x000298d4-memory.dmp

    • Contacts a large number (20533) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks