Extracted

• • Target

    arm.elf

  • Size

    70KB

  • MD5

    eca11f7fc0d09d8cd1feb833c756634d

  • SHA1

    1f1438adccb3a41c1581d3ce4b5f2b3190c63aba

  • SHA256

    e9d51bfc92bf3446c86edbddac88b7b6531a69fcbdaefab6dda7dc8e77f107c6

  • SHA512

    20cc5e1bbee7135227bd1c42fb6aea4bfd269f55e5493d0ef22fd60513c86b7b197a4696abfc678fa4296ef597d3893a55f9a0138edc6f4aaa145dd3b136edc0

  • SSDEEP

    1536:sWPKw0DX+CaF8wl82EFyFLJwq0E4lFDTFUI070R3tvH:sWzGX+n+2SiinPBUxIvH

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (85246) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1