General

  • Target

    omega.x86.elf

  • Size

    107KB

  • Sample

    230416-jnn52aba8v

  • MD5

    b8ed4778551906d732ac2f07b5f5f1b4

  • SHA1

    65a79b0a23448aeb4626bf8d5e0a4765290b0cbd

  • SHA256

    72551acde61508d4d41b00140317f21f0dd7880f2b120290379bbe430356d015

  • SHA512

    761db6e70cfce641e587e6b989fbc834ebd3860c78fee5a995570bcc333f0b4ccd5b378ff5e46f94b6782a159d227500f3e2a32f3d32fcc40542ac99eecd2aec

  • SSDEEP

    3072:tco/mw3jCHuYnoAwI1T4Nrb1AJphaIAW8NDtjoKty8wdO1:zPTCn7T4xMphaIeNDtjoKty8wdO1

Malware Config

Extracted

Family

gafgyt

C2

91.212.121.97:23

Targets

    • Target

      omega.x86.elf

    Score
    9/10
    • Deletes system logs

      Removes log files, hindering forensic reconstruction of the infection.

    • Writes file to system bin folder

      Drops a file into a system binary directory so it blends in with legitimate tools.

    • Writes DNS configuration

      Writes data to the DNS resolver configuration file (typically /etc/resolv.conf), which can redirect the host's name resolution.

    • Creates/modifies Cron job

      Cron runs tasks on a schedule and is commonly used for malware persistence, for example an @reboot entry that relaunches the bot.

    • Reads system routing table

      Reads the kernel routing table and active network interfaces from the /proc virtual filesystem.

    • Writes file to user bin folder

      Drops a file into a user-level binary directory.

    • Reads CPU attributes

      Reads processor information, typically from /proc/cpuinfo, to fingerprint the host.

    • Reads system network configuration

      Uses contents of the /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory because it is world-writable and needs no elevated privileges.
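
As an added worked example (not part of the sandbox report, and not code from the sample or its analysts), the following Python script turns the signatures above and the extracted C2 into host- and network-side triage checks. The crontab, resolv.conf, file-write list, unlink list and Zeek-style connection records it runs over are all constructed here; the watched directories and the log-file list are assumptions, and the only value taken from the report is the C2 endpoint 91.212.121.97:23.

```python
"""Host-side triage checks for the behaviours this report attributes to the sample.

Added example, not code from the sandbox, the report or the malware. All inputs
below are constructed; the only value taken from the report is the C2 91.212.121.97:23.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

C2_HOST = "91.212.121.97"  # from the report's extracted Gafgyt config
C2_PORT = 23
# Assumed watch lists: the directories the report's signatures name (system bin,
# user bin, tmp) and a typical set of login/system logs a bot wipes.
WATCHED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/local/bin", "/tmp")
SYSTEM_LOGS = ("/var/log/wtmp", "/var/log/btmp", "/var/log/lastlog", "/var/log/syslog")

@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str

def check_cron(crontab_text: str) -> list[Finding]:
    """Creates/modifies Cron job: flag @reboot entries and anything run from /tmp."""
    out = []
    for line in crontab_text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if s.startswith("@reboot") or re.search(r"(^|\s)/tmp/", s):
            out.append(Finding("cron_persistence", s))
    return out

def check_resolv(resolv_text: str, allowed: set[str]) -> list[Finding]:
    """Writes DNS configuration: flag nameserver lines outside the expected set."""
    out = []
    for line in resolv_text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if m and m.group(1) not in allowed:
            out.append(Finding("dns_config_tampered", line.strip()))
    return out

def check_file_writes(paths: list[str]) -> list[Finding]:
    """Writes file to system/user bin folder and tmp: flag writes under watched dirs."""
    return [Finding("write_to_watched_dir", p)
            for p in paths if any(p.startswith(d + "/") for d in WATCHED_DIRS)]

def check_log_deletions(unlinked: list[str]) -> list[Finding]:
    """Deletes system logs: flag unlink() of well-known log files."""
    return [Finding("system_log_deleted", p) for p in unlinked if p in SYSTEM_LOGS]

def check_conn_log(lines: list[str]) -> list[Finding]:
    """Flag flows to the extracted C2 in a reduced, tab-separated Zeek-style conn
    log (columns: ts, uid, orig_h, orig_p, resp_h, resp_p, proto). The exact
    ip:port is a beacon; the same host on another port is still worth a look."""
    out = []
    for line in lines:
        f = line.split("\t")
        if line.startswith("#") or len(f) < 7:
            continue
        _ts, uid, orig_h, orig_p, resp_h, resp_p, proto = f[:7]
        if resp_h == C2_HOST:
            rule = "c2_beacon" if int(resp_p) == C2_PORT else "c2_host_other_port"
            out.append(Finding(rule, f"{orig_h}:{orig_p} -> {resp_h}:{resp_p}/{proto} ({uid})"))
    return out

# --- constructed sample inputs (not captured from the real sample) ---
CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/apt-get update
@reboot /tmp/.x/omega.x86
*/5 * * * * /tmp/omega.x86 >/dev/null 2>&1
"""
RESOLV_CONF = "# Generated by NetworkManager\nnameserver 192.168.1.1\nnameserver 8.8.8.8\n"
FILE_WRITES = ["/tmp/omega.x86", "/usr/bin/omega", "/home/user/notes.txt", "/bin/.x"]
UNLINKS = ["/var/log/wtmp", "/var/log/lastlog", "/tmp/scratch"]
CONN_LOG = [
    "1681600000.1\tCabc1\t10.0.0.5\t51322\t91.212.121.97\t23\ttcp",
    "1681600001.2\tCabc2\t10.0.0.5\t44210\t93.184.216.34\t443\ttcp",
    "1681600002.3\tCabc3\t10.0.0.7\t40001\t91.212.121.97\t80\ttcp",
]

def triage() -> list[Finding]:
    """Run every check over the constructed inputs and return all findings."""
    return (check_cron(CRONTAB)
            + check_resolv(RESOLV_CONF, allowed={"192.168.1.1"})
            + check_file_writes(FILE_WRITES)
            + check_log_deletions(UNLINKS)
            + check_conn_log(CONN_LOG))

if __name__ == "__main__":
    for finding in triage():
        print(f"{finding.rule:22} {finding.evidence}")
```

The /proc reads the report lists (routing table, CPU attributes, network configuration) are deliberately left out: they are reconnaissance that leaves no durable artefact on the host, so a syscall trace catches them better than a post-hoc check. Run the script as-is to print the findings from the constructed data, or replace the constants with real captures from a suspect host.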

MITRE ATT&CK Enterprise v6
