General
-
Target
na.elf
-
Size
123KB
-
Sample
241010-hpb2eszgnc
-
MD5
a5563c4f7f5babd86c564554aea383ce
-
SHA1
4f3fd8bfafc8ad014f159cc7b730a862a6284ad7
-
SHA256
336d2ba140e98cee45f6f66eb9e3230cff9145a88db69cb8298f0de1a9c6b71d
-
SHA512
454ae1b9e62603b2037f4c80516ab10cd900c92ae6a51703cff20c1196ba7f3c3b4fcdbdb58cc2492ae1ad524ed6a8d919ec808b4e8ef44e290fd53a39c2db8b
-
SSDEEP
1536:ufRwvx15eOM5QcdpM72d14znqVQBuPIpoXwZrnJeiPjAfz53sX:um5s5QwM72d+KDPYoXerDjAuX
Malware Config
Targets
-
-
Target
na.elf
-
Size
123KB
-
MD5
a5563c4f7f5babd86c564554aea383ce
-
SHA1
4f3fd8bfafc8ad014f159cc7b730a862a6284ad7
-
SHA256
336d2ba140e98cee45f6f66eb9e3230cff9145a88db69cb8298f0de1a9c6b71d
-
SHA512
454ae1b9e62603b2037f4c80516ab10cd900c92ae6a51703cff20c1196ba7f3c3b4fcdbdb58cc2492ae1ad524ed6a8d919ec808b4e8ef44e290fd53a39c2db8b
-
SSDEEP
1536:ufRwvx15eOM5QcdpM72d14znqVQBuPIpoXwZrnJeiPjAfz53sX:um5s5QwM72d+KDPYoXerDjAuX
Score9/10-
Contacts a large (79559) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Deletes log files
Deletes log files on the system.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-