General
-
Target
98cf4da6c211b5bfe3611564d11c0cac.elf
-
Size
34KB
-
Sample
230513-zmkzzsbf6s
-
MD5
98cf4da6c211b5bfe3611564d11c0cac
-
SHA1
6266d294924c49e8c8eb835c5041833a68c14001
-
SHA256
d07280becf607fa4e06dd4ac50d2cb51683e90ee4b3db0abc1c347068fa21b38
-
SHA512
07b6060abb199f928f00ea1a2e5ea6d7d6aa6b7987fa8d92e73e3c3ef937915a43f63ab3ad5939125002f7a479d541003f30ca606b3b2569cd86785a700b2dce
-
SSDEEP
768:Qjit3osnfUPVMmz9kOnjBGafdQm2SEWVaY++6QWx:L3s2WkOndGMQmwWVaY++6r
Malware Config
Targets
-
Target
98cf4da6c211b5bfe3611564d11c0cac.elf
-
Contacts a large (70928) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-