Extracted

• • Target

    1f429e2c3be03639b683b89caab099f6a1c5047a089c017d9d8e86d0ce12e48b.elf

  • Size

    78KB

  • MD5

    a8c01822dd78feded3b335735aed537b

  • SHA1

    41c85552054f07fc42c2f2a6b381de525f4e7bda

  • SHA256

    1f429e2c3be03639b683b89caab099f6a1c5047a089c017d9d8e86d0ce12e48b

  • SHA512

    9ba831769961ae82f4dd76cbd647fa6fa29a5807721443eba7318193b545a78181dcff9ea5b596c16a79828e8e8de255c37dc66b3d98f3f7e181c7fd27b02b02

  • SSDEEP

    1536:FBnwFBrlZoytA8Sv6HP4oI7p9R4Kxfp421gVBl9qy8QudlLMibWRSU+:EBhZ68Sv6HP4j7KKxfp4KgVBl9qy81W2

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (66592) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1