General

  • Target

    22236418d66d092a868814a050662cb6.bin

  • Size

    40KB

  • Sample

    230203-j5gsaagd5y

  • MD5

    5761f6ada99f7618e114b0fd5da1afd9

  • SHA1

    ed26e11e40faaa4b94dc9ab246c404bc60fbe4c9

  • SHA256

    9cfcbd1dbd072cc821a370f649d46d86b371f767bf7a3ac152f00c0c597fc002

  • SHA512

    4864bb3f83e44007c04ed5f44c9b021966b70949d9554f9424533baa1ac3bb9acc161e94202d7009b090999aacf5693e1d9e53a1f07cef897c464ac63b8b4483

  • SSDEEP

    768:MvXXJphvzwVi20c8Ij2aS2z/35VeLXZGHUNpmmChNEieFWV8ViD7+4P/pq7r1Ifk:wX5nkVi3c1S2DJVeLSUAAVoi45Kqk

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      ebab385a00e909ff7748edeecf15ffceba7748e9b0f9850142fe7ef8d5ed5ffe.elf

    • Size

      95KB

    • MD5

      22236418d66d092a868814a050662cb6

    • SHA1

      0bf047cdeb6ce406a32e0c305a2b9089c9e369c3

    • SHA256

      ebab385a00e909ff7748edeecf15ffceba7748e9b0f9850142fe7ef8d5ed5ffe

    • SHA512

      4b96f8ec59c601c8f880968beeabf4c617235518f6ad8a1091e22beb6494cc03bf81730f9bce6d7bda7ceb0ef963a3b9f4ec923711f07a1be4e55e5588255a0e

    • SSDEEP

      1536:+DdgrUgifAhAWUq1gt4h/m4iXGmLl5yDiywPveFpZNzJ:sgr7iIhymO4ajIiywPEDzJ

    Score
    9/10
    • Contacts a large number (290975) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
