General

  • Target

    fb531b9c8d62d2e4fefe7e86921942555154d85d70648af680cb71118885ecc3.elf

  • Size

    60KB

  • Sample

    250307-kdfxcaw1ay

  • MD5

    0c58e9115cbf70013b03892f6d214034

  • SHA1

    b50ba301b902ef18102298d65cf2cf486b364caa

  • SHA256

    fb531b9c8d62d2e4fefe7e86921942555154d85d70648af680cb71118885ecc3

  • SHA512

    6bccbdaf65560ed1d8af2fd9ec9aa19101f1966054642da3306881de425f919d9669b0e8f44064137647509f469f125c9777fce4c51fd25436275d2b8685dd2f

  • SSDEEP

    1536:VxnH8q55qmevnpejyx2s+uJPQ7hkulqDJllt6iJSjiyg:oq55qmCQjyx23uJPQ7hkuQ71Sj5g

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      fb531b9c8d62d2e4fefe7e86921942555154d85d70648af680cb71118885ecc3.elf

    • Contacts a large number (14699) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai disables the watchdog (typically by opening /dev/watchdog and issuing the disable ioctl) so that it cannot reboot the infected device; a reboot would remove the memory-resident bot.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port (53) to servers other than the configured DNS servers was detected.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Enumerates active TCP sockets

      Reads active TCP sockets from the /proc virtual filesystem (/proc/net/tcp).

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads process memory

      Reads the memory of another process through the /proc virtual filesystem. This can be used to steal credentials.
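The two network signatures above (DNS-port traffic to servers other than the configured resolvers, and one source contacting a large number of distinct hosts) can be reproduced as detection logic over flow records. The following is an added example and is not part of this report or of the sample: the flow records are constructed, and the resolver list and the scan threshold are assumptions a deployment would tune (the sample contacted 14699 hosts; the threshold here is 20 only because the constructed data is small).

```python
"""Flag the two network behaviours listed in the report: DNS-port traffic to hosts
that are not the configured resolvers, and one source touching an unusually large
number of distinct hosts (a scan). Added example; not part of the sandbox report."""
import csv
import io
from collections import defaultdict

DNS_PORT = 53


def constructed_flows():
    """Constructed flow records (ts,src,dst,proto,dport); not captured from the sample."""
    lines = [
        "ts,src,dst,proto,dport",
        "1,192.168.2.2,192.168.2.1,udp,53",   # query to the configured resolver: fine
        "2,192.168.2.2,8.8.8.8,udp,53",       # query bypassing the configured resolver
        "3,192.168.2.2,203.0.113.9,udp,53",   # DNS port used to reach an arbitrary host
        "4,192.168.2.2,192.168.2.1,udp,53",
        "5,192.168.2.3,192.168.2.1,udp,53",   # a quiet host for contrast
    ]
    # One source sweeping 40 distinct hosts on telnet, the way a Mirai scanner does.
    for i in range(1, 41):
        lines.append(f"{10 + i},192.168.2.2,198.51.100.{i},tcp,23")
    return "\n".join(lines) + "\n"


def parse_flows(text):
    """Parse CSV flow records into dicts with an integer destination port."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["dport"] = int(row["dport"])
        flows.append(row)
    return flows


def unexpected_dns(flows, resolvers):
    """Sorted (src, dst) pairs that used the DNS port to reach a host outside `resolvers`."""
    hits = {(f["src"], f["dst"]) for f in flows
            if f["dport"] == DNS_PORT and f["dst"] not in resolvers}
    return sorted(hits)


def scan_suspects(flows, threshold):
    """Sources that contacted at least `threshold` distinct destination hosts."""
    peers = defaultdict(set)
    for f in flows:
        peers[f["src"]].add(f["dst"])
    return {src: len(dsts) for src, dsts in peers.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    flows = parse_flows(constructed_flows())
    # Assumed resolver list; a real deployment takes it from DHCP/resolv.conf inventory.
    print("unexpected DNS:", unexpected_dns(flows, {"192.168.2.1"}))
    print("scan suspects:", scan_suspects(flows, threshold=20))
```

Distinct-destination counting is deliberately per source rather than per flow: a busy but legitimate host produces many flows to few peers, while a Mirai scanner produces one flow each to thousands of random addresses, which is the shape the 14699-host signature describes.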
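The "Enumerates active TCP sockets" and "Enumerates running processes" signatures describe the /proc reads a Mirai-style killer makes when it looks for services to kill. The following added example (not the sample's code and not from the sandbox) decodes a constructed /proc/net/tcp snapshot, lists listeners on the ports the public Mirai source's killer module targets (23, 22, 80), and maps a socket inode back to its owning PIDs by walking /proc/[pid]/fd; the port list and the little-endian address decoding are assumptions stated in the code.

```python
"""Decode /proc/net/tcp the way a Mirai-style killer does when it hunts for sockets
on the telnet, SSH and HTTP ports, and map a socket inode back to its PID(s).
Added example; not code from the sample or the sandbox."""
import os
import socket
import struct

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT",
              "08": "CLOSE_WAIT", "0A": "LISTEN"}
HUNTED_PORTS = (23, 22, 80)  # assumption: ports the public Mirai killer module targets

# Constructed /proc/net/tcp snapshot (not from the sample's sandbox run).
CONSTRUCTED_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18231 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18117 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20550 1 0000000000000000 100 0 0 10 0
   3: 0202A8C0:D2A4 0A00000A:0017 01 00000000:00000000 00:00000000 00000000     0        0 21004 1 0000000000000000 20 4 30 10 -1
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted ip, int port).

    The kernel prints the IPv4 address as a 32-bit value in host byte order; this
    assumes a little-endian host, so 0100007F decodes to 127.0.0.1. The port is plain hex."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the table into dicts; the first line is the column header and is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 10:
            continue
        local_ip, local_port = decode_endpoint(parts[1])
        remote_ip, remote_port = decode_endpoint(parts[2])
        rows.append({
            "local": (local_ip, local_port),
            "remote": (remote_ip, remote_port),
            "state": TCP_STATES.get(parts[3], parts[3]),
            "uid": int(parts[7]),
            "inode": int(parts[9]),
        })
    return rows


def hunted_listeners(rows, ports=HUNTED_PORTS):
    """Listening sockets on the hunted ports as {port: inode}: what the killer looks for."""
    return {r["local"][1]: r["inode"] for r in rows
            if r["state"] == "LISTEN" and r["local"][1] in ports}


def inode_to_pids(inode, proc_root="/proc"):
    """PIDs holding the socket with this inode, found by reading /proc/[pid]/fd symlinks.

    Returns an empty list when nothing matches or the proc tree is not readable."""
    target = f"socket:[{inode}]"
    pids = []
    try:
        entries = list(os.scandir(proc_root))
    except OSError:
        return pids
    for entry in entries:
        if not entry.name.isdigit():
            continue
        fd_dir = os.path.join(entry.path, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    pids.append(int(entry.name))
                    break
        except OSError:  # process exited, or fd directory not readable
            continue
    return pids


if __name__ == "__main__":
    rows = parse_proc_net_tcp(CONSTRUCTED_PROC_NET_TCP)
    for port, inode in hunted_listeners(rows).items():
        print(f"port {port} listener inode {inode} -> pids {inode_to_pids(inode)}")
```

Run against a live /proc/net/tcp, the same parse shows a responder what the bot saw: listeners on 23/22/80 that a killer would try to terminate, and outbound ESTABLISHED connections to port 23 on random addresses (row 3 in the constructed data) that are the scanner's fingerprint.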

MITRE ATT&CK Enterprise v15

Tasks