General

  • Target

    126b4c08575ccba70f1001e1a9f957bbc2411147ef6b12ddddedcca4597dd6e8.elf

  • Size

    44KB

  • Sample

    250202-ekb9vawlcm

  • MD5

    3690286e14701b0b0fe6f2dd5ae70589

  • SHA1

    d4fb607d0d602237be574ed33b5d9b53b7395dfe

  • SHA256

    126b4c08575ccba70f1001e1a9f957bbc2411147ef6b12ddddedcca4597dd6e8

  • SHA512

    30206ddf5251111418b96db2bc288579010c9196f2dddeb384f4161459e31c167224f96f90cc435741940af16f97b68cceafea0d5a0ccb6e112e7659fcdb7b96

  • SSDEEP

    768:c4ZMC05W0RIWPIfWWYrREwZXv+k6ck8qXs4xhQ8Xeun/e8g:c4ZMC05W0RIWQ/YrREK2RhxtXeu/e8

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      126b4c08575ccba70f1001e1a9f957bbc2411147ef6b12ddddedcca4597dd6e8.elf

    • Size

      44KB

    • MD5

      3690286e14701b0b0fe6f2dd5ae70589

    • SHA1

      d4fb607d0d602237be574ed33b5d9b53b7395dfe

    • SHA256

      126b4c08575ccba70f1001e1a9f957bbc2411147ef6b12ddddedcca4597dd6e8

    • SHA512

      30206ddf5251111418b96db2bc288579010c9196f2dddeb384f4161459e31c167224f96f90cc435741940af16f97b68cceafea0d5a0ccb6e112e7659fcdb7b96

    • SSDEEP

      768:c4ZMC05W0RIWPIfWWYrREwZXv+k6ck8qXs4xhQ8Xeun/e8g:c4ZMC05W0RIWQ/YrREK2RhxtXeu/e8

    • Contacts a large number (109452) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog so that it cannot reboot an infected device.

    • Renames itself

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.
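The two network signatures above (high fan-out to remote hosts and DNS-port traffic to non-resolver destinations) can be reproduced from flow records. The following is an added example written for this page, not part of the sandbox report or the Mirai sample: it runs both checks over a constructed flow set in which host 10.0.0.7 plays the infected device. The threshold, window size, resolver list and the Flow record layout are assumptions chosen for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Flow:
    """One network flow (constructed record layout, not a real log format)."""
    ts: float      # seconds since capture start
    src: str
    dst: str
    dport: int
    proto: str


# Assumed tuning values for the example; real deployments pick these per site.
FANOUT_THRESHOLD = 500   # distinct destinations per source per window
WINDOW_SECONDS = 60.0
RESOLVERS = ["10.0.0.2"]  # assumed configured DNS servers for the monitored network


def fanout_alerts(flows, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src: peak_distinct_dst} for sources that contact more than
    `threshold` distinct destination hosts inside any sliding window of
    `window` seconds. This is the "contacts a large number of remote hosts"
    heuristic: a Mirai scanner sprays SYNs at random addresses, so its
    distinct-destination count explodes while a normal host's stays small."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)

    alerts = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        counts = defaultdict(int)   # dst -> flows to it inside the window
        left = 0
        peak = 0
        for right, f in enumerate(fl):
            counts[f.dst] += 1
            # Slide the left edge forward until the window is no wider than `window`.
            while fl[right].ts - fl[left].ts > window:
                old = fl[left].dst
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            peak = max(peak, len(counts))
        if peak > threshold:
            alerts[src] = peak
    return alerts


def unexpected_dns_alerts(flows, resolvers=RESOLVERS):
    """Return flows to the DNS port whose destination is not a configured
    resolver, i.e. the "unexpected DNS network traffic destination" signature."""
    allowed = {ip_address(r) for r in resolvers}
    return [f for f in flows if f.dport == 53 and ip_address(f.dst) not in allowed]


def build_sample_flows():
    """Constructed traffic: 10.0.0.7 scans 1200 distinct hosts on 23/tcp in
    about 24 seconds and resolves a name via 8.8.8.8 instead of the configured
    resolver; 10.0.0.8 behaves normally."""
    flows = []
    base = int(ip_address("198.18.0.1"))   # benchmarking range, used as fake targets
    for i in range(1200):
        flows.append(Flow(ts=i * 0.02, src="10.0.0.7",
                          dst=str(ip_address(base + i)), dport=23, proto="tcp"))
    flows.append(Flow(ts=5.0, src="10.0.0.7", dst="8.8.8.8", dport=53, proto="udp"))
    flows.append(Flow(ts=1.0, src="10.0.0.8", dst="10.0.0.2", dport=53, proto="udp"))
    for i in range(3):
        flows.append(Flow(ts=2.0 + i, src="10.0.0.8", dst="10.0.0.9", dport=443, proto="tcp"))
    return flows


SAMPLE_FLOWS = build_sample_flows()


if __name__ == "__main__":
    for src, n in fanout_alerts(SAMPLE_FLOWS).items():
        print(f"fan-out alert: {src} reached {n} distinct hosts within {WINDOW_SECONDS}s")
    for f in unexpected_dns_alerts(SAMPLE_FLOWS):
        print(f"unexpected DNS destination: {f.src} -> {f.dst}:{f.dport}/{f.proto}")
```

The fan-out check is deliberately keyed on distinct destinations rather than raw flow count, since a busy but legitimate host can open thousands of flows to a handful of servers without resembling a scanner; pairing it with the DNS-destination check gives two independent signals of the kind the report lists.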

MITRE ATT&CK Enterprise v15

Tasks