Extracted

• • Target

    636f2bb514e461c2914afa64f05550d18579e58d0404a2f914449068f9ed6f86.elf

  • Size

    79KB

  • MD5

    f38da917978d88855ecf8da376ddca08

  • SHA1

    80875703d185d63d9c50bb769f713792b36e0f12

  • SHA256

    636f2bb514e461c2914afa64f05550d18579e58d0404a2f914449068f9ed6f86

  • SHA512

    21a4d364c11420f163d08780d868a6d067025a1ec01bf10ed64f33d02726c89971375f06aaaa1d5be12639457776d6ae0b389f3fdca14d805b473376a1cbf7d7

  • SSDEEP

    1536:SuSFceW8JP33UBLwYpWoPPcsVsSbBD1OVeBSFR:/SqeT3EB8M1Of

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (18236) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1