Extracted

• • Target

    63bf2e90614519bad84ea70b1aa2d60c4f2ccd6d03c23e525cfe3a59d0f23296.elf

  • Size

    54KB

  • MD5

    7bff58bb7ba2c821e805b300040cd2dc

  • SHA1

    fb93d00f71d3ea2ef4b45555840590cfa068c932

  • SHA256

    63bf2e90614519bad84ea70b1aa2d60c4f2ccd6d03c23e525cfe3a59d0f23296

  • SHA512

    ae5ac16e3540fd44c614638ce7ca4d0d6f35bb47296901f5d3409af18ecc647afa08d4b0611951558c76732c7d17ea9ea77d0aa2af9e860b34f2ec374df3a63d

  • SSDEEP

    1536:/AzCqX/QRDIpqvvARxBnst5XxJXQVza4y:/AzCqrqHCqbXxNQVO4y

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (44678) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1