General
- Target: 98cf4da6c211b5bfe3611564d11c0cac.bin
- Size: 33KB
- Sample: 230515-b175nsgf21
- MD5: 01fa08fc0eaa62107aa255c876835150
- SHA1: 64c1e8d0501acc0f97e0d501af5d1c5b24818340
- SHA256: 95dd100547a09f6fbce08bd395da63327cb8888c92787c8a94248613bce8dac4
- SHA512: fa879bc89c330a349804a9e070f6f3af2580d251c33ae8bfa87cef0a8e27255b5ba6c1b105ad1e01186e6e9d1bc1ca87b45ed54c2489255778b10ad9dd6052c0
- SSDEEP: 768:uwavDh7BE+GXTCJ1miP57X9w/FgcQhtLqjtV6YhGLXjmZOcD1ZWJuWrC:cDhtAWp5zMK96CYhGLAnhMIWO
Malware Config
Targets
- Target: d07280becf607fa4e06dd4ac50d2cb51683e90ee4b3db0abc1c347068fa21b38.elf
- Size: 34KB
- MD5: 98cf4da6c211b5bfe3611564d11c0cac
- SHA1: 6266d294924c49e8c8eb835c5041833a68c14001
- SHA256: d07280becf607fa4e06dd4ac50d2cb51683e90ee4b3db0abc1c347068fa21b38
- SHA512: 07b6060abb199f928f00ea1a2e5ea6d7d6aa6b7987fa8d92e73e3c3ef937915a43f63ab3ad5939125002f7a479d541003f30ca606b3b2569cd86785a700b2dce
- SSDEEP: 768:Qjit3osnfUPVMmz9kOnjBGafdQm2SEWVaY++6QWx:L3s2WkOndGMQmwWVaY++6r
- Contacts a large (66202) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.