Extracted

• • Target

    4f994fdc0a89d2277f7fe89448c036337ca33cfb66b9e2d5058e0e37f9d2bda6.elf

  • Size

    152KB

  • MD5

    42ad320132c15ffed7c38e294490cc2e

  • SHA1

    779fb9a6cf3b52c1a57193352da6d5126ab76b47

  • SHA256

    4f994fdc0a89d2277f7fe89448c036337ca33cfb66b9e2d5058e0e37f9d2bda6

  • SHA512

    b85869203f9530127908dfc0cdf34977fa986a4b5c728eb63c531ccdce28e1e9bf4ed41ec44c5064172ac77876e7cda11a84b5c66a56520d311b75d36bd7757d

  • SSDEEP

    3072:ye9bqia5r9J5o9yhpZPH+9mrsplDKZU2QBKXAVanxX+F8JyvIT+hLBA4emlEBDzr:ye9bqia5r97o9yhpZv+9mrsplDKZU2QC

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (20120) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1