General
-
Target
na.elf
-
Size
123KB
-
Sample
241010-hwvr4s1ala
-
MD5
ffa10038353177481db7ade52635ff24
-
SHA1
526d7ad8f5099aed534d33865be077c73195ae57
-
SHA256
10e60ddb3c9d4d49ea2f8d3367251b2fc6184c09045f2280eabbef445bd69c21
-
SHA512
bac76a82bfc56025b003f95165652e41ec4d089eaa575736d924de1d7f24b5e4123d5c681898e5b3c12c4014a1a1428d62067e08c96b1e14cbc9b882499c363e
-
SSDEEP
3072:WlfO5f2sciAFutKj+8jO7a6X5mdV+dXFzqwqu/s:kfOh2Ret2O7a6X5mdVSXTH/s
Static task
static1
Behavioral task
behavioral1
Sample
na.elf
Resource
debian12-armhf-20240221-en
Malware Config
Targets
-
-
Target
na.elf
-
Size
123KB
-
MD5
ffa10038353177481db7ade52635ff24
-
SHA1
526d7ad8f5099aed534d33865be077c73195ae57
-
SHA256
10e60ddb3c9d4d49ea2f8d3367251b2fc6184c09045f2280eabbef445bd69c21
-
SHA512
bac76a82bfc56025b003f95165652e41ec4d089eaa575736d924de1d7f24b5e4123d5c681898e5b3c12c4014a1a1428d62067e08c96b1e14cbc9b882499c363e
-
SSDEEP
3072:WlfO5f2sciAFutKj+8jO7a6X5mdV+dXFzqwqu/s:kfOh2Ret2O7a6X5mdVSXTH/s
Score9/10-
Contacts a large (178925) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-