General

  • Target

    loligang.arm7.elf

  • Size

    145KB

  • Sample

    241129-gx6qbszmes

  • MD5

    9556015e38d115d4430fb7e2c8c3dbde

  • SHA1

    87ce3208e49801d1545b3bad9d337028df21629f

  • SHA256

    adef20b2dfe0a808a711b9add6f1fadb825c3b9ef436de80c9d682019d9f8bb7

  • SHA512

    dd82440c22e6260e725edf09d63580c1e7081ac0080571eb2f484878c4b37606110cdd8bb7989ba328317dd871c8f1357ec845dfd700fe6c0d67e1a889706571

  • SSDEEP

    3072:+00PRi0cxjNaghm12xbyl/A9mrsplDKZUoQBKXAVanHX+F8JyvnlhLig6QffU2l9:N05i0cxjNagw12xbyZA9mrsplDKZUoQP

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Contacts a large (20543) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
