General

  • Target

    aa949b446142cfe846fae5807bd1926e27413d4ed159f0d64e229e16405db877.elf

  • Size

    152KB

  • Sample

    241230-c5w4msvpfx

  • MD5

    65d6d4897e9c295144450b2cf27d4cfd

  • SHA1

    598423fe80a9b57ef5512d8c4cd513f276a29c16

  • SHA256

    aa949b446142cfe846fae5807bd1926e27413d4ed159f0d64e229e16405db877

  • SHA512

    147d3a18d38200e8f2c03c9c8e77bfa6d3ca4e6d5e4328bd4ff9e28720ed91a3230f405f344bc58404dac6c2dd00e213262e7542f5f9cc861ff881510aeae9b2

  • SSDEEP

    3072:ye9bqia5r9J5o9yhpZPH+9mrsplDKZU2QBKXAVanxX+F8JyvIT+hLBA4emlEBDzI:ye9bqia5r97o9yhpZv+9mrsplDKZU2Q1

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      aa949b446142cfe846fae5807bd1926e27413d4ed159f0d64e229e16405db877.elf

    • Size

      152KB

    • MD5

      65d6d4897e9c295144450b2cf27d4cfd

    • SHA1

      598423fe80a9b57ef5512d8c4cd513f276a29c16

    • SHA256

      aa949b446142cfe846fae5807bd1926e27413d4ed159f0d64e229e16405db877

    • SHA512

      147d3a18d38200e8f2c03c9c8e77bfa6d3ca4e6d5e4328bd4ff9e28720ed91a3230f405f344bc58404dac6c2dd00e213262e7542f5f9cc861ff881510aeae9b2

    • SSDEEP

      3072:ye9bqia5r9J5o9yhpZPH+9mrsplDKZU2QBKXAVanxX+F8JyvIT+hLBA4emlEBDzI:ye9bqia5r97o9yhpZv+9mrsplDKZU2Q1

    • Contacts a large number (20409) of remote hosts

      This is the shape of a network scan for remotely reachable services rather than normal client traffic. Mirai's scanner sends SYNs to pseudo-random public addresses on a small set of ports (23 and 2323 in the public source) and reports hosts that accept weak telnet credentials to its loader.

    • Creates a large number of network flows

      One short-lived flow per probed host, concentrated on one or two destination ports, is consistent with a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Mirai opens /dev/watchdog (or /dev/misc/watchdog) and disables it with ioctl WDIOC_SETOPTIONS (0x80045704) and WDIOS_DISABLECARD, so the hardware watchdog does not reboot the infected device while the bot runs.

    • Enumerates active TCP sockets

      Reads /proc/net/tcp from the /proc virtual filesystem. Mirai's killer uses it to find the socket inodes of services listening on ports it wants for itself (23, and 22 and 80 when built with the rebind options), then kills those processes and binds the ports so the device cannot be reinfected or administered over them.

    • Enumerates running processes

      Walks /proc/<pid>/ entries to discover currently running processes. Mirai's killer reads /proc/<pid>/fd/* links to map socket inodes to pids and /proc/<pid>/exe and /proc/<pid>/maps to spot and kill competing bots.
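The three behaviours above can be reproduced from artefacts a responder usually has: flow records, a copy of /proc/net/tcp, and a syscall trace. The following is an added example written for this report; it is not code from the sandbox or from the Mirai source. The flow records, the /proc/net/tcp excerpt and the strace-style lines are constructed, and the scan thresholds (32 hosts, 80% of flows on one port) are assumptions to tune per environment. The ioctl number 0x80045704 (WDIOC_SETOPTIONS) and the killer's port list come from the public Mirai source.

```python
"""Triage helpers for three behaviours flagged in the report: the outbound
host count (scan heuristic), the /proc/net/tcp enumeration a Mirai killer
performs, and the watchdog ioctl. Added example; every input is constructed."""
import re
from collections import Counter
from ipaddress import ip_address

# 1. Scan heuristic over (src, dst, dport) flow records. Forty one-packet
# connections to random hosts on telnet ports stand in for the 20409 hosts
# the sandbox counted; two HTTPS flows are ordinary client traffic.
SAMPLE_FLOWS = [("10.0.0.5", "198.51.100.%d" % i, 2323 if i % 10 == 0 else 23)
                for i in range(1, 41)]
SAMPLE_FLOWS += [("10.0.0.5", "203.0.113.10", 443)] * 2
SCAN_HOST_THRESHOLD = 32   # assumed; tune per environment
SCAN_PORT_SHARE = 0.8      # assumed; share of a source's flows on its top port

def scan_verdict(flows, host_threshold=SCAN_HOST_THRESHOLD,
                 port_share=SCAN_PORT_SHARE):
    """Per source: unique destinations, dominant port, and a scan flag.
    Many hosts on one port is the shape of a Mirai SYN scan; many hosts on
    many ports is more likely a real client."""
    by_src = {}
    for src, dst, dport in flows:
        rec = by_src.setdefault(src, {"hosts": set(), "ports": Counter()})
        rec["hosts"].add(dst)
        rec["ports"][dport] += 1
    verdicts = {}
    for src, rec in by_src.items():
        top_port, top_n = rec["ports"].most_common(1)[0]
        share = top_n / sum(rec["ports"].values())
        verdicts[src] = {"unique_hosts": len(rec["hosts"]), "top_port": top_port,
                         "top_port_share": share,
                         "scan": len(rec["hosts"]) >= host_threshold
                         and share >= port_share}
    return verdicts

# 2. /proc/net/tcp as the killer reads it. Constructed excerpt: telnet and
# ssh listening on all interfaces, a web app on 127.0.0.1:8080, and one
# established connection (state 01, ignored).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10221 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10233 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 18877 1 0000000000000000 100 0 0 10 0
   3: 0500000A:A3D2 0A6433C6:0017 01 00000000:00000000 00:00000000 00000000     0        0 22104 1 0000000000000000 20 4 30 10 -1
"""
TCP_LISTEN = "0A"
MIRAI_KILLER_PORTS = {23, 22, 80}   # ports the public Mirai killer frees for itself

def _decode(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080); the IPv4 is little-endian hex."""
    ip_hex, port_hex = field.split(":")
    ip = ip_address(int.from_bytes(bytes.fromhex(ip_hex), "little"))
    return str(ip), int(port_hex, 16)

def listening_sockets(text):
    """Parse /proc/net/tcp text into {(ip, port): inode} for LISTEN sockets.
    The inode is what maps a socket to a pid via /proc/<pid>/fd/* links."""
    out = {}
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10 and f[3] == TCP_LISTEN:
            out[_decode(f[1])] = int(f[9])
    return out

def killer_targets(text, ports=MIRAI_KILLER_PORTS):
    """Listening sockets a Mirai-style killer would go after: {port: inode}."""
    return {port: ino for (_ip, port), ino in listening_sockets(text).items()
            if port in ports}

# 3. Watchdog tampering in a syscall trace. WDIOC_SETOPTIONS is the ioctl
# Mirai issues (with WDIOS_DISABLECARD) right after opening the device.
WDIOC_SETOPTIONS = "0x80045704"
WATCHDOG_DEVS = ("/dev/watchdog", "/dev/misc/watchdog")
SAMPLE_TRACE = """\
openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3
ioctl(3, WDIOC_SETOPTIONS, 0x7ffd2c0e4a4c) = 0
close(3) = 0
openat(AT_FDCWD, "/proc/net/tcp", O_RDONLY) = 3
"""
_OPEN = re.compile(r'open(?:at)?\(.*?"([^"]+)".*?\)\s*=\s*(\d+)')
_IOCTL = re.compile(r'ioctl\((\d+),\s*(?:WDIOC_SETOPTIONS|' + WDIOC_SETOPTIONS + r')')
_CLOSE = re.compile(r'close\((\d+)\)')

def watchdog_tamper(trace):
    """True if a watchdog device is opened and then hit with WDIOC_SETOPTIONS
    on that fd before it is closed (strace may print the request by name)."""
    fds = {}                      # fd number -> path, tracked across the trace
    for line in trace.splitlines():
        if m := _OPEN.match(line):
            fds[m.group(2)] = m.group(1)
        elif (m := _IOCTL.match(line)) and fds.get(m.group(1)) in WATCHDOG_DEVS:
            return True
        elif m := _CLOSE.match(line):
            fds.pop(m.group(1), None)
    return False
```

On a live box the inode that listening_sockets returns is resolved to a pid by reading the /proc/<pid>/fd/* symlinks and looking for "socket:[inode]"; that walk is exactly what the "Enumerates running processes" signature captures, so the same parser serves both triage and understanding the sample's own behaviour.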

MITRE ATT&CK Enterprise v15

Tasks