Extracted

• • Target

    g4za.arm7.elf

  • Size

    163KB

  • MD5

    a18d08d5e585e7673a89a752326b8982

  • SHA1

    d765d80c83a2090065b9518e2e80d3cfb3afc2c8

  • SHA256

    2bc479a605c5c42fbb9da45bdd805be39c9e6dcc52b76fc5c9ddd490efc799bf

  • SHA512

    a0ab9cd99f4f5364ffb33ecff107934272a11c45d76608d82c772b0235c7e740b77d9e798b9a1f64381a3b02d6fc5b77c8402eb35d9a6a63e8f3474f100fd87d

  • SSDEEP

    3072:YsfvqoYF/RrhMZHfKPaC+LKWK6nTUCo4MbPbFJJM/9YM:Ysf/YF/AdyPaC+LKWdnEPbPbFrM/9YM

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (121045) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1