Extracted

• • Target

    78252e14eeda8cff3c5ee0e77d917254cbde21cfd942ceb7ac25d6a65241ae6e.elf

  • Size

    74KB

  • MD5

    28f3b5bca19ed58907aacc146a47829f

  • SHA1

    f7c43101a6f48eca5365b41df26559249c401ecb

  • SHA256

    78252e14eeda8cff3c5ee0e77d917254cbde21cfd942ceb7ac25d6a65241ae6e

  • SHA512

    e452ad6030532d1908a02935990a6e2292454be6d41e5c3095a613d095f6d1cb13c1a21faa328d0cfe6734820d766e8d90bf263cb01e8a9a01df8945a00c48ab

  • SSDEEP

    1536:1a1bQWaJus8f90gHiuEd/XUeEQS8AW6zxzNQy0NC:1WUWaJus8fOx/XUeUQ0

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (104204) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1