General
- Target: 3e0b0c2014e2bf86e328bb7011579aaa.elf
- Size: 57KB
- Sample: 230513-zdj2bsbf2y
- MD5: 3e0b0c2014e2bf86e328bb7011579aaa
- SHA1: 5476315a86b12d0f6bd359212c8b631945fe6334
- SHA256: 138a57ba868d36405d93bbb19061cdef1b2600f7e97eb46ac03441202ee5e211
- SHA512: 284f3c6ee140d3fe976cc3fb7aa2a27a87b4d1b03349b9c2b26a9432d53913f9304019246aff6631d10201e67e14ae219991efad40c5edd35df7eb0d46ff805e
- SSDEEP: 768:B5vZRCdVnbBTnBNXj6u/+e2cQKHsrjBpYyTVb7b79q3UELcnPFHbeNNjfNBTBO7K:B5v/sbBTBojXLRjf5VnWLc97eNZzIm
Malware Config
Targets
- Contacts a large (68826) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.