General
-
Target
na.elf
-
Size
128KB
-
Sample
241010-lbxbzsycmm
-
MD5
290383303138aea71ac2b83b6159d74f
-
SHA1
f99e8ffb60453f18bd73420cd9245dc992dc5a95
-
SHA256
633e91ee81f179f2edf893162141050e1ce45ff2e56811692657d791d75c1a32
-
SHA512
fd45c761fe65c18d149841b3b4651a88fe0611b3f72f3ee6f4eb7346b078ef540777bbd9928d9a0e93912c540d4462b45d89c8db219936d27638db53f517b840
-
SSDEEP
1536:Efcw0/a5aKgBBu+q7jUwdhNf+mzbz47XCtlyevzpmOz53NI:El5ABB+7jUYS0bzqStrpmiI
Malware Config
Targets
-
-
Target
na.elf
-
Size
128KB
-
MD5
290383303138aea71ac2b83b6159d74f
-
SHA1
f99e8ffb60453f18bd73420cd9245dc992dc5a95
-
SHA256
633e91ee81f179f2edf893162141050e1ce45ff2e56811692657d791d75c1a32
-
SHA512
fd45c761fe65c18d149841b3b4651a88fe0611b3f72f3ee6f4eb7346b078ef540777bbd9928d9a0e93912c540d4462b45d89c8db219936d27638db53f517b840
-
SSDEEP
1536:Efcw0/a5aKgBBu+q7jUwdhNf+mzbz47XCtlyevzpmOz53NI:El5ABB+7jUYS0bzqStrpmiI
Score9/10-
Contacts a large (234994) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Deletes log files
Deletes log files on the system.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-