General
-
Target
na.elf
-
Size
125KB
-
Sample
241010-hpbewswcnm
-
MD5
2b0caf52e5e7d8967ce6ad262f194966
-
SHA1
71cef25f6bc45bdecd8ba77ec5c18a7795cc4bd4
-
SHA256
26a240e366d95b7fd6b58e1ac79304334b30a910415a224c31f585f7b49cfaa2
-
SHA512
b5d037a7caeeeabbcfc05a9b62c12622870f6d61a3b916ac80f61b0eab22dc274df7d02e8c4ff7334dc9074c17307c4a52ca8c38f1ff1c89f58f7f1ccea7b52d
-
SSDEEP
1536:AmbdXGuJxQ1lmoGWGO/+9MBLVKvyPXgQXE9ZTUdY7oew11S07HI:A4XBJxQT5Ge/+ubgYE9G+fwnS07
Malware Config
Targets
-
-
Target
na.elf
-
Size
125KB
-
MD5
2b0caf52e5e7d8967ce6ad262f194966
-
SHA1
71cef25f6bc45bdecd8ba77ec5c18a7795cc4bd4
-
SHA256
26a240e366d95b7fd6b58e1ac79304334b30a910415a224c31f585f7b49cfaa2
-
SHA512
b5d037a7caeeeabbcfc05a9b62c12622870f6d61a3b916ac80f61b0eab22dc274df7d02e8c4ff7334dc9074c17307c4a52ca8c38f1ff1c89f58f7f1ccea7b52d
-
SSDEEP
1536:AmbdXGuJxQ1lmoGWGO/+9MBLVKvyPXgQXE9ZTUdY7oew11S07HI:A4XBJxQT5Ge/+ubgYE9G+fwnS07
Score9/10-
Contacts a large (40810) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Deletes log files
Deletes log files on the system.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-