Extracted

• • Target

    na.elf

  • Size

    148KB

  • MD5

    9e9f6a4ff9c1782a822df602dd5e364b

  • SHA1

    5617f45e06d5757c9e745afedbd85e77d83681fd

  • SHA256

    842ef514a2b5f05b415b85d02e5f62cdda1da839a0c7d9016d475926de36c4cb

  • SHA512

    c2968a90c3350593d1b348016b08655c47c435a783a0f0d0ef15185f156da1725c6a43008323e86f50a3b9e8bd5b50a2cfcb0e61e00997feebb74a38ef091c1a

  • SSDEEP

    3072:zv77j7mI47aSDV2u4AUDjNLPMvEn3ExYM/9QzjTf:73Oj7aSDV2uJUDpQEn3EmM/9QvTf

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (77033) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1