General

  • Target

    x86_64.elf

  • Size

    105KB

  • Sample

    241229-w3qzdsvqak

  • MD5

    5c2d301a3602cdc7f8f7260e1f27781d

  • SHA1

    0a76681142d81a2971d2321cf1061317a875d7ee

  • SHA256

    cab713be24d5b1c7320d93a1957937a3dc472d1cd9f3fdc48d10a08cfa01b8c2

  • SHA512

    b586f5a951470842392885d7272667a39b097a581e55fcbc571377f7193a4a84291d8805e2ddfbcfbc8c8ae9048615c288b668ebbb1cf403dfb05b7b38ac64bd

  • SSDEEP

    3072:Sp0QUdRZF4zFJGJFD9kVT5bneXE2Jk41egvz8BeRmUE:SpdUdRZF4zFJGJFD9kVTd9bhg7Rm

Malware Config

Extracted

Family

mirai

Botnet

OWARI

Targets

    • Contacts a large number (49399) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks