General
-
Target
a693118b9c7edf9051a7d0228c47b4f5d1a2ae06eb5ac3351f89da857c9f55a7.elf
-
Size
50KB
-
Sample
250307-gljfnawkz8
-
MD5
523c252744f62259485b8d41958025e5
-
SHA1
b1a21769a15faf3472e138930dc422416f6f37e5
-
SHA256
a693118b9c7edf9051a7d0228c47b4f5d1a2ae06eb5ac3351f89da857c9f55a7
-
SHA512
ba72666361128b96a689cafdf43dd73d8fc919e591a9852ce0b87977b2cc09b749f883d8f382fc6d2ece20f2f6dd8102791e53ccae02f5288d1578aa4a357a96
-
SSDEEP
768:m+TQ6R57PAlW8HFKEt6fds5wReVUemzeHqGFzWFDXih4a99L+:m+TQm57IgFFsAgU/zWqGFaFO9
Behavioral task
behavioral1
Sample
a693118b9c7edf9051a7d0228c47b4f5d1a2ae06eb5ac3351f89da857c9f55a7.elf
Resource
debian9-mipsel-20240226-en
Malware Config
Targets
-
Target
a693118b9c7edf9051a7d0228c47b4f5d1a2ae06eb5ac3351f89da857c9f55a7.elf
-
Score
9/10
-
Contacts a large number (14499) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads process memory
Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-