General

  • Target

    3314ea0ef466661c58753696b048094c5d6f0f85d9a11dd96d0e2f62bbf3663e.elf

  • Size

    142KB

  • Sample

    241129-dehn1awqcp

  • MD5

    97be145f33b9ce207a69c1a9654f2317

  • SHA1

    a1b04a78ea41cbf9e4f8bf584234c49ee4fb5e00

  • SHA256

    3314ea0ef466661c58753696b048094c5d6f0f85d9a11dd96d0e2f62bbf3663e

  • SHA512

    525041a0802036791742c00e5792b0000e85615529182cdb5a1a99e92b96f43e700421df76346c64f1439a29b191d26ced0ddda09e022fdb9faa3b1902dfc8e9

  • SSDEEP

    3072:s7Sog55F1YMuPZTynKO/X9mrsplDKZUoQBKXAVanbX+F8JyvPlhLLgxAefsjJNx0:s7Som5F1YMuPZT4KsX9mrsplDKZUoQBk

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Contacts a large number (20262) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks