General

  • Target

    loligang.arm7.elf

  • Size

    141KB

  • Sample

    241128-j8p8ts1qav

  • MD5

    490dcfe1e6f95cb4931eb84e551eab37

  • SHA1

    8bd0daab8f36377a77b34435d68dc1dad6571480

  • SHA256

    e758318afa6e6626d575c4e5bcad871658337ee21f7a94d89c3d794be228e4f2

  • SHA512

    dd7e06817e61cb3398122a5abfe98a4687ca534ec1827c71615ac2fda81f6ae4117217fea4b8f99ed2cbaa139e30c3e8abd2f330cde42f88a1e11afcdaf40170

  • SSDEEP

    3072:walgM69pe0QmlTvIUdt9mrsplDKZUQQBKXAVanXX+F8JyvSPhLZ85iBMR6yoC1Qs:walgM69pe0QmlTvI8t9mrsplDKZUQQB5

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      loligang.arm7.elf

    • Contacts a large number (20574) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
