Extracted

• • Target

    91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a.elf

  • Size

    162KB

  • MD5

    c8a4c82cf20d8084ae8c033cec1a89ec

  • SHA1

    41636c100970c6247bfcdbb77706bc57092d3fc8

  • SHA256

    91d2c341f6489f94dfa001ef9151e56fa6f8331b218733a8b6f4152f3685fe2a

  • SHA512

    c9baa532fc4c137a2c50213f3e4ac369dbcdaf4e19f5dc275e40c1fa35b7e9b52ba5d281de56337e39b5c050de235bac6d073ca413b8eb8eec660d4cabc14bae

  • SSDEEP

    3072:EGI4HqR83prk/BES/NDkanLiXGjs6MyWqlRRnbaBfl7b1rv4aw1RPPS:EGI4HqR8Zrk/BESrLZMyWi2BPwvPPS

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (7170) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Deletes itself

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Writes file to system bin folder

  behavioral1