General

  • Target

    6c311fd3d94d8e9f55e5ae56c71f91a38685bdb4bdb05a21402aaad89211436d.elf

  • Size

    99KB

  • Sample

    250128-g6vdnaznat

  • MD5

    77d4d8ce65ff25fbf93bd1ff179c9325

  • SHA1

    6d9ea0fe4cb509b12c1cb0ab6c5750d36241507d

  • SHA256

    6c311fd3d94d8e9f55e5ae56c71f91a38685bdb4bdb05a21402aaad89211436d

  • SHA512

    5da5f8c4375c5bdcbe410a5bfffdc20fb7b3d981647d7b1a30e4f73b02aa835f26950010375a4a0379759d570658323695c9ffcdda21c8784b929c34e2982f98

  • SSDEEP

    1536:pegXznytTDLmgKQ29A0v+iRbNxcLPkXK7wYvmG6aa7GBmd9:jiDEA0WKbNx3XK7wYv1jaiBK9

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Contacts a large number (19677) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
