General
-
Target
affec246395b92bf7779b65b8a4ea68f63aa4ee5783ed4fd419d87db8f27d60f.elf
-
Size
98KB
-
Sample
241121-jsfz8azna1
-
MD5
4b86df51a4d906e74e6228cf12750464
-
SHA1
db53ffc8daa52fb45e67117bb377f2bece958b9f
-
SHA256
affec246395b92bf7779b65b8a4ea68f63aa4ee5783ed4fd419d87db8f27d60f
-
SHA512
80723e9cc9b0aa43924c6fa3411d2407e7e206a66118ae5bac1f0c050960265728eac126a301538e75085d7fb4c4079d184359c0c05c9a5b3f76f8d56c33adc1
-
SSDEEP
1536:YnBzNbl5KPVifL05ngpO1U3LlNt1KrB9vEoaGMvnzsT2QId:YBzfL0L1U7c9soSvnv5d
Malware Config
Targets
-
-
Target
affec246395b92bf7779b65b8a4ea68f63aa4ee5783ed4fd419d87db8f27d60f.elf
-
Size
98KB
-
MD5
4b86df51a4d906e74e6228cf12750464
-
SHA1
db53ffc8daa52fb45e67117bb377f2bece958b9f
-
SHA256
affec246395b92bf7779b65b8a4ea68f63aa4ee5783ed4fd419d87db8f27d60f
-
SHA512
80723e9cc9b0aa43924c6fa3411d2407e7e206a66118ae5bac1f0c050960265728eac126a301538e75085d7fb4c4079d184359c0c05c9a5b3f76f8d56c33adc1
-
SSDEEP
1536:YnBzNbl5KPVifL05ngpO1U3LlNt1KrB9vEoaGMvnzsT2QId:YBzfL0L1U7c9soSvnv5d
Score9/10-
Contacts a large (28712) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Deletes log files
Deletes log files on the system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-