General
Target: lok.arm7.elf
Size: 59KB
Sample: 230331-yd3yrsch42
MD5: edb64280b729e3299ca43c99939161b9
SHA1: 530d42ad15f5da90cbbb700ca8a8d2005dc1471f
SHA256: 60628ba3c363a8719f43139402794a925059096ac987d12a3370d64f5be0dd5d
SHA512: 68550ed42b6774cfbf8e1821bcb19a35ffb3d1f46d25f452c04e973bfb2fa45cf45440429cbf3f6289b44041eb265983ed71f66b9aee9ee37b4c9315df9f35be
SSDEEP: 1536:QqPm6pbZMeQYXQBpqYtgU7ChRPwKL185HApNs:rmcaeQYXQl3AyKLOtH
Behavioral task: behavioral1
Sample: lok.arm7.elf
Resource: debian9-armhf-en-20211208
Malware Config
Targets
Target: lok.arm7.elf
Score: 9/10

Contacts a large (41276) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.