General

  • Target

    b001f0e3de53fc9831208d44f6cbe8b8f73e923ea73ad4a20b3303927e42bbe3

  • Size

    117KB

  • Sample

    250202-nlfs4azjgt

  • MD5

    e977a66942c3537866c75b8eaea91796

  • SHA1

    4036ef983e6ab1155995474ae4c22e6a79e73b71

  • SHA256

    b001f0e3de53fc9831208d44f6cbe8b8f73e923ea73ad4a20b3303927e42bbe3

  • SHA512

    4351f0d87f0da096446615a93fb88492b95dc80a41e263a683a99e61b07ab89bbebce61ed74aea72074301973be3428f6b5519a0c8282a073083f39e4c8767ad

  • SSDEEP

    3072:NiW5uPcfW+aJUNdO0VYSlVyC8n2p1sSN6cZ0Mp:p5uPcdh5s40Mp

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

    • Contacts a large (1034804) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Writes file to system bin folder
