General
-
Target
na.elf
-
Size
83KB
-
Sample
241010-hpatcswcmn
-
MD5
14c2a689c249bf03878ba92ab2f9b2ed
-
SHA1
26e1b2b29db94ef37cd4ac840ae8cb9ba684f8be
-
SHA256
16f31d4bfc4b89c56e086bc4d70bfdc3564893f67dd8e6d5da7746781a27142d
-
SHA512
2ee52a707dbb043690fa4ca194c6d428046c6f7c51eb682c70248e0fb80ba881e2d3262d84ae789d519771edbceb2840814380343d95ef5b3bdfdacf1126fc3c
-
SSDEEP
1536:q8nWaX2yH6MatpoTkE8I/OXhWE1vsAn7lKQmA5Qk6elg2idGviO322nh:Yg2+6lt4BAl1bn7lKQmA5elGviOG2n
Static task
static1
Behavioral task
behavioral1
Sample
na.elf
Resource
debian12-armhf-20240221-en
Malware Config
Targets
-
Target
na.elf
-
Contacts a large (32428) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-