General
-
Target
FVF9HcVY62.elf
-
Size
1.6MB
-
Sample
240604-rkj1xahh9z
-
MD5
2e4ac48e6a716e4ebb19942a6e1ba71c
-
SHA1
0b5f3da0ad9c3f30a5eee4f266b28f71dc5c1f50
-
SHA256
19a06de9a8b66196fa6cc9e86824dee577e462cbeaf36d715c8fea5bcb08b54d
-
SHA512
e4a60864915bf0a4f9f8c33900409fb26c99bc07c8f55537bc59d4d7a7572adb45cab1864c9badb649401835aa4fd9941ea3d5b7e11f4af8550f8d54b377b8fa
-
SSDEEP
49152:HFNBB4VZtmRnylRgF7xPs1Kx3sAG4YUgoRx0FnLnY76aplUd6ECu:lNDgG3BxPtRGLntLn/c86i
Behavioral task
behavioral1
Sample
FVF9HcVY62.elf
Resource
ubuntu2004-amd64-20240508-en
Malware Config
Targets
-
Target
FVF9HcVY62.elf
-
Score
10/10
-
Contacts a large (969378) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
XMRig Miner payload
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks hardware identifiers (DMI)
Checks DMI information, which indicates whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads hardware information
Accesses system information such as serial numbers and manufacturer names.
-