General

  • Target

    ad470223b26d420c890886ed236637c4.elf

  • Size

    176KB

  • Sample

    240325-nc45bsha7w

  • MD5

    ad470223b26d420c890886ed236637c4

  • SHA1

    68ea3c38139321d5ccad38ac75ce98a623834c28

  • SHA256

    6996224136d32045b5a44ae686d1d90c089f6c11f89306f1121112f285b88405

  • SHA512

    499b6994b1338717e6fa9719daef4860aa0f38ea3f88d1bb268ce0faaeb3efa00e8516454b9d927e28b4d339c8fc3118ad1f87e063ebcd8867aa987bd8fa21de

  • SSDEEP

    3072:plx2mxpI1TzhmYineVafX2bCL1gx9pV2OnZW5hUv2JjhM/9QSw2mowhbRWz3e:pNeVafX2bwgx0Ong5hUv2JlM/9QN2mo8

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

45.131.111.159:23

Targets

    • Target

      ad470223b26d420c890886ed236637c4.elf

    Score
    7/10

    • Changes its process name

    • Deletes Audit logs

      Deletes logs related to the Linux Audit framework.

    • Deletes itself

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Flushes firewall rules

      Flushes or disables firewall rules inside the Linux kernel.

    • Writes DNS configuration

      Writes data to the DNS resolver config file.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads CPU attributes

    • Reads system routing table

      Gets active network interfaces from the /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks