Extracted

• • Target

    splmips.elf

  • Size

    70KB

  • MD5

    607bfd5425eb7248a95a63f4e9ac866e

  • SHA1

    417ae03491a08f4e517ea2c752693e033422b35a

  • SHA256

    0069a2a4334223b75fe2d415e8075db49f885134d0fd0c92f01e63f6340b55cf

  • SHA512

    2e62b69e30cb35f31c657f431dea1f7f482691bb9061c9bfa39fef0840579dcab3d0db1739978c8b61e9d1dddf0925bc1ef2ee8083ed22204d6ccc4a56793fc7

  • SSDEEP

    1536:xvfwnX7GltwnKn4Qp9QF7h9ibxU5jZ6i0nyAcx:tInX78twufNu5ci+yTx

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (66559) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1