General

  • Target

    1506-1-0x0000000008048000-0x0000000008058e60-memory.dmp

  • Size

    61KB

  • Sample

    241227-drykzs1lap

  • MD5

    d1afd6d41c1198d5aac198e23308c50a

  • SHA1

    3ddaac8b85192e05d81a78cab1c3bbe5bf34e042

  • SHA256

    6dfa74995369c98df51d752c0dd2c335b0cb485a0da9c354d53827347df55f5a

  • SHA512

    618284edebd82fb649d1ae550cbd6dd6d6f4ea00dc6597da19585e53a53f617158cd1ae96e2a638ec540322b77fab9960535326ef9149443e750cebd5a1b78fc

  • SSDEEP

    1536:r+qyu6GBlyt0ZPTJSSWE/9aVHf3kd/Qgo/Weh:r+qx6GBl/5TJSSWE/UVHfs47Oeh

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      1506-1-0x0000000008048000-0x0000000008058e60-memory.dmp


    • Contacts a large number (20064) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks