General
-
Target
na.elf
-
Size
130KB
-
Sample
241010-lbw18asgma
-
MD5
17e4dae04b6c95340a4df08ebde65336
-
SHA1
7aa049001870a285253f4565dbab444ba6cc403f
-
SHA256
1bf7b9aac74f39cae6ee8ae25bbb364ab3f382edb507709be8e5c74f57801e7e
-
SHA512
69efedbc5fc5f047b39577c3f6fc4aab451c42ae44067e7d3a77d178ca0f2b5ef70751b7d32436d0be1bbf855ccbeeb27ab8ef23ec554217d5ef9c4eb33886d0
-
SSDEEP
1536:i/UodEcbuJuMbEOoqWeBq1gfjeH73ZSgcZ0pv5ZH3einUb1/ENZYHw:i/rEcqJuMghqFBqKHg60pv5hHCBENZY
Static task
static1
Behavioral task
behavioral1
Sample
na.elf
Resource
debian9-mipsel-20240611-en
Malware Config
Targets
-
-
Target
na.elf
-
Size
130KB
-
MD5
17e4dae04b6c95340a4df08ebde65336
-
SHA1
7aa049001870a285253f4565dbab444ba6cc403f
-
SHA256
1bf7b9aac74f39cae6ee8ae25bbb364ab3f382edb507709be8e5c74f57801e7e
-
SHA512
69efedbc5fc5f047b39577c3f6fc4aab451c42ae44067e7d3a77d178ca0f2b5ef70751b7d32436d0be1bbf855ccbeeb27ab8ef23ec554217d5ef9c4eb33886d0
-
SSDEEP
1536:i/UodEcbuJuMbEOoqWeBq1gfjeH73ZSgcZ0pv5ZH3einUb1/ENZYHw:i/rEcqJuMghqFBqKHg60pv5hHCBENZY
-
Contacts a large (156396) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-