General
-
Target
61.3.217.135-i-2024-07-25T144024.elf
-
Size
134KB
-
Sample
240725-pb17qa1cld
-
MD5
6b0fb88c187a6dbf48017f66f262edab
-
SHA1
c27a02fbe6525becc24193041359a9adce663f24
-
SHA256
ded36b111f815e57e2658bd881beaf247be1fea999902456df83840100f5ae65
-
SHA512
1aae2f3a544e5145747b5f2dfc68957a11d9d14c9229c977dbb954e3f361974c9530ac152fd288e3cec973d9e6660a6f0d185b656647cd7a1e258b8bcf0448a1
-
SSDEEP
3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xioX:p3lOYoaja8xzx/0wsxzSi6
Malware Config
Targets
-
-
Target
61.3.217.135-i-2024-07-25T144024.elf
-
Size
134KB
-
MD5
6b0fb88c187a6dbf48017f66f262edab
-
SHA1
c27a02fbe6525becc24193041359a9adce663f24
-
SHA256
ded36b111f815e57e2658bd881beaf247be1fea999902456df83840100f5ae65
-
SHA512
1aae2f3a544e5145747b5f2dfc68957a11d9d14c9229c977dbb954e3f361974c9530ac152fd288e3cec973d9e6660a6f0d185b656647cd7a1e258b8bcf0448a1
-
SSDEEP
3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xioX:p3lOYoaja8xzx/0wsxzSi6
Score9/10-
Contacts a large (5679) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Patched UPX-packed file
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Writes file to system bin folder
-