Extracted

• • Target

    6abfffe6410948dcdba7f2703cb5b93e36caa665d8a8a536f73efc80972da19b.elf

  • Size

    54KB

  • MD5

    7a5374b348d135e626a569dcee2e4541

  • SHA1

    90c92f8cb3841877546010c255b1e2a99e4b1b2c

  • SHA256

    6abfffe6410948dcdba7f2703cb5b93e36caa665d8a8a536f73efc80972da19b

  • SHA512

    51702d3f1f883a8d1415a8973e542092ec239b9fd67e6ead4f02be2f6509da7d0a20a4cbdb95b7b448d5e2018facd589383896271b98f8fbebdefbcc4982cf90

  • SSDEEP

    1536:DkU8cZyFRJW/wzp9mya5Fmt5FVjAVnhu:DkU8bzrFaSbFlAVhu

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (107405) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1