General
Target: nag.arm7.elf
Size: 59KB
Sample: 230429-18g1wsec6x
MD5: 05107aa351c35fd38522f29d010397cd
SHA1: e0fedd2f5edeb79aca48707cfa2c51e95c8a609a
SHA256: e31a655e237651863ec44025c87d9808af5065b62bffadee55ebf150802055a0
SHA512: 685c2d7e907e9db9207dcf1a79f1e6852e06041c202402e4f94fdabfc17334ca06312a8ba2837774111935dfdc85584c5578c454438a50f46b08ab2e9e078e7a
SSDEEP: 1536:Rsz3PNXskU39A1sMPm72Wx9F6y+0EuLLvpDKEIUEs1GBx:Rq/2j39A1xMfxeWDLLvpexUEn
Malware Config
Targets
- Contacts a large number (42235) of remote hosts. This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows. This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon. Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Changes its process name.
- Deletes itself.
- Reads runtime system information. Reads data from the /proc virtual filesystem.