General
-
Target
arm7-20240707-0306.elf
-
Size
159KB
-
Sample
240707-dma9wsscpn
-
MD5
e3ea41bbbed27a1f7e7563f6c72802ca
-
SHA1
edc5d1176182856049843b1530fb8b3b8e24a8cc
-
SHA256
3858ec56dc7c28252b1d09eddc418b5bfc24c3b8f6fa7165e3469f6ffaecc42e
-
SHA512
5c5c0c22099b7068331a214d38aaaa3520bbfcd1c6d253da70d9df31dc4bbe2cae5ec0db0def027757c81d5418ce11501feb6342f8ea56fdb2e86cf3b4225241
-
SSDEEP
3072:J+qESLgbxYaHaOufrRIjKE//RBNzQwTHKlM/9RwnrP:JXR0tYaHaOufrqjfBqwTH4M/9CnrP
Behavioral task
behavioral1
Sample
arm7-20240707-0306.elf
Resource
debian9-armhf-20240611-en
Malware Config
Targets
-
-
Target
arm7-20240707-0306.elf
-
Size
159KB
-
MD5
e3ea41bbbed27a1f7e7563f6c72802ca
-
SHA1
edc5d1176182856049843b1530fb8b3b8e24a8cc
-
SHA256
3858ec56dc7c28252b1d09eddc418b5bfc24c3b8f6fa7165e3469f6ffaecc42e
-
SHA512
5c5c0c22099b7068331a214d38aaaa3520bbfcd1c6d253da70d9df31dc4bbe2cae5ec0db0def027757c81d5418ce11501feb6342f8ea56fdb2e86cf3b4225241
-
SSDEEP
3072:J+qESLgbxYaHaOufrRIjKE//RBNzQwTHKlM/9RwnrP:JXR0tYaHaOufrqjfBqwTH4M/9CnrP
Score9/10-
Contacts a large (260375) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Writes file to system bin folder
-