Extracted

• • Target

    a698d787649fe2a7dfc49250d92232c9f4b96d15076809f33cf532ca1aa513fc.elf

  • Size

    36KB

  • MD5

    4e2ff5e5c6fdd578c6d50e196846863c

  • SHA1

    f3dc07b21af21cff6c4ed71e9dd9b4988da23819

  • SHA256

    a698d787649fe2a7dfc49250d92232c9f4b96d15076809f33cf532ca1aa513fc

  • SHA512

    79cf1336501f308135df6835236b46506753b4aba4e052bd504af4268b6e1230a3db74de46118e8f5aef62642743069b33fd4647716e8453a5f780caf923e093

  • SSDEEP

    768:m2i9aTNJIDAxo3EogjwxBbPDt5PmTYhbNVFeyjtRqY0uwC:OSJIM1ogUxB7Dt5+TiFZjtb6

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (14893) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1