General
-
Target
na.elf
-
Size
82KB
-
Sample
241010-hpatcszglh
-
MD5
03f9679f6fd06a715aaaeae404377f1f
-
SHA1
aa5de94feed0092c15fb67269147cc591af82673
-
SHA256
1956e72859799497fa6cd30c48279d5b95679d8dca774afbf0d2371dad033538
-
SHA512
34159871fef6708847abe2c80de01ef49c2f820fe56f543d5e6a538f894b268ddea98a1ec03fa407dd06ffa9233c385577155249088baa27b8ef55577dea52fe
-
SSDEEP
1536:R0trLa97FX3E9zEfdm/7mVY1w0IsgrLF/QEPe4XZn+:R33E9km4Y1w0IsgrRQQeAZn+
Malware Config
Targets
-
-
Target
na.elf
-
Size
82KB
-
MD5
03f9679f6fd06a715aaaeae404377f1f
-
SHA1
aa5de94feed0092c15fb67269147cc591af82673
-
SHA256
1956e72859799497fa6cd30c48279d5b95679d8dca774afbf0d2371dad033538
-
SHA512
34159871fef6708847abe2c80de01ef49c2f820fe56f543d5e6a538f894b268ddea98a1ec03fa407dd06ffa9233c385577155249088baa27b8ef55577dea52fe
-
SSDEEP
1536:R0trLa97FX3E9zEfdm/7mVY1w0IsgrLF/QEPe4XZn+:R33E9km4Y1w0IsgrRQQeAZn+
Score9/10-
Contacts a large (14291) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Deletes log files
Deletes log files on the system.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-