General

  • Target

    501998de1bcf45cc89b2fa044c0f0a6d5fad8487896b2ec6efcd4781c9b4ff92.elf

  • Size

    102KB

  • Sample

    241009-by7fcstcmf

  • MD5

    70b66a570de870a13347439c61de40bd

  • SHA1

    8b747eb73adc30dda05a1f76c0c0700881d70f5b

  • SHA256

    501998de1bcf45cc89b2fa044c0f0a6d5fad8487896b2ec6efcd4781c9b4ff92

  • SHA512

    7514bce3a8798f1b0ee8370807377f274256c80b4a8e5c64aff03de5921fe5c3b0a100839d4f427090d75f20c3c92ba65f460c8424786ba7e5e4c0d2a51a6a9b

  • SSDEEP

    3072:rgLIgB0mpC+wmNBU82+OfR8+bMZutwntYH:rzgB0mpCDmNsJ8+bMZutv

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    ECCHI

Targets

    • Target

      501998de1bcf45cc89b2fa044c0f0a6d5fad8487896b2ec6efcd4781c9b4ff92.elf

    • Contacts a large number (71331) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
