Extracted

• • Target

    splarm7.elf

  • Size

    77KB

  • MD5

    4d429e9531500278962d92ad8fad2bf2

  • SHA1

    f5ab96d0a296261444e49329d6f46cf135c1188d

  • SHA256

    60c0b18a8e8e5c7f8e3a50d07e478fadc722fdcdfd90075ffe4434a47cd95776

  • SHA512

    ef7726631b7f38a3e483c22255422b49dea977ec6fa5a9a6f0432faa51b544f5b895a42b0cf8a27fbd47707f129d761004e4d19bda9dc0dd8c555c836d6ef213

  • SSDEEP

    1536:txn7gLqXIQHj0jLwdeNyQ6F1A4//Sc9hg998zAVy9r2UQ5dlruit+sG2z:QLgIZjLqeNCT//SKIyzAVy9r2td+sB

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (66133) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1