Extracted

• • Target

    834b00373b7c589d9032bc8b06c66adab67ada1e1ae700356f05d252d94c04eb.elf

  • Size

    70KB

  • MD5

    3e97bfe89f2f60387a15d19dcecc3fbc

  • SHA1

    f56daf90f7b2d569517774969403502db2e734a6

  • SHA256

    834b00373b7c589d9032bc8b06c66adab67ada1e1ae700356f05d252d94c04eb

  • SHA512

    8bc946440cec317fdf3735fdffe4b326b20438c4df70f7e42be4a709f0f8f1ba3cbecbe52bd0358cc76499fdff2f658a62990151d3b55daa99a6f74457b77dbd

  • SSDEEP

    1536:xvfwnX7GltwnKn4Qp9JF7h9ibxU5jZ6i0nyAcP:tInX78twufCu5ci+yTP

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (89952) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1