Extracted

• • Target

    TRC.arm.elf

  • Size

    80KB

  • MD5

    ba8a22fc071dbf38f107857a494ec2ee

  • SHA1

    3e3b98c34e5e48c46c96578dc4978662df68cf49

  • SHA256

    9d225b858b47975fc3c30a5425b589897c235727dfead4cc0e2c261fae615bf3

  • SHA512

    094b69b1c9cf038fd258b5e2bfbb6dd2fa40ef77a2136bc85e2f32c1c9846f5187c8629781364bbc46b104f6b0a4817ad3b7df608e96b29f518daf9d780499fe

  • SSDEEP

    1536:oT8Iee/2qe9nVVtCsTymM4IC9cVti3BeZWs02uk9N:oTVee/d+DuixwV02R

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (20783) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery
  behavioral1