General
Target: na.elf
Size: 128KB
Sample: 241010-ldw41aycpq
MD5: cf182d49ea3bd8d88c0895c2c2e0c971
SHA1: 71d2e8d01a16188bb1efb6f68678fc245e7a75e9
SHA256: 2743a17903001140b896d59a93ff5720ee2b1198e87772bfe23b0913018ac4f5
SHA512: 594b7a7e6f3cdcb18f23b54826e40ad661dd14be30d5b68edca51843c09ab063e816072d015a7993f3eb0fea5ca4596fb9851b07c19f5c99823aaab1e04946f6
SSDEEP: 3072:uxjOFf2CcOhh5txBqH9jX/ae0KKFpv2KpnG4Kitc:4jOd23qtr8X/ae0KKFpuKHTtc
Static task: static1
Behavioral task: behavioral1
Sample: na.elf
Resource: debian9-armhf-20240611-en
Malware Config
Targets
Score: 9/10

Contacts a large (94970) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Renames itself

Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.