Extracted

• • Target

    0ee587fea341d9da43777102b508c6017d29ad537594afa596e042d4ecd67cf8.elf

  • Size

    74KB

  • MD5

    eb8e5a5d4d7a332bf23f7cc07c05389f

  • SHA1

    dd9291fec1c6905ba48fdf18462a0a350e82d36a

  • SHA256

    0ee587fea341d9da43777102b508c6017d29ad537594afa596e042d4ecd67cf8

  • SHA512

    c5aa6c4e4c4218b21d2f0cf7cdab53f7b21c8f615db7bcf1f11f9aed5e0efc57d09abfcdf6205fa16808c7af0ada585c357c7f6913bfeda02737411f8a1dbcec

  • SSDEEP

    1536:rWRjo2iV+GhVYEq8e8UGC1giSyJRNERXdXh/T:rGE2iV+GhO8UQt

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (182773) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1