Extracted

• • Target

    5188c58d0629c08606d274d4dfadd1503271c8c99bdcf5098544e3a00e0808c6.elf

  • Size

    48KB

  • MD5

    dc2fc820c51c91236cf18c5528f95cde

  • SHA1

    4e44cb3135adccc8fa699d3ea8a192dfcceb779f

  • SHA256

    5188c58d0629c08606d274d4dfadd1503271c8c99bdcf5098544e3a00e0808c6

  • SHA512

    cdf9a8c71c4fccd6e435214447522f2f2462050e654891098c72e8d165b0193e9c327e66a76583d7636bc54299b5723f61b0c6bf71235e646f36d50bddd83023

  • SSDEEP

    1536:aH3oG7jBo2VZXuP58uwVcRON9u/Sre1szExab:aH40jBo2ru58uUcoi/SreyzS8

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (108690) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1