General
-
Target
b7816bfc9667a38481a05ed89f3d4d46d6f1a0ad7b4282c656982a3ede890e24.elf
-
Size
50KB
-
Sample
250308-p62fzaxnv8
-
MD5
cf78540b269e6a19af9cddf8da7f95eb
-
SHA1
0a6d185ac409e36511605e9d056b8af7bbc40cdb
-
SHA256
b7816bfc9667a38481a05ed89f3d4d46d6f1a0ad7b4282c656982a3ede890e24
-
SHA512
8fc62d9eb56eb9bee26184edde19db7ae4123a4608b6192c38f1d71826733522713c09a8f35962e72cd7d2851a186bc19d1c320b977446f882a038bf602378fd
-
SSDEEP
768:EDQ6R57QYZlWZfFKfNGfdaz5gBelje2jeX6J6W2QDXi94Kt4L:EDQm57hP0FMgwjPjG6J6dQyt
Malware Config
Targets
-
-
Target
b7816bfc9667a38481a05ed89f3d4d46d6f1a0ad7b4282c656982a3ede890e24.elf
-
Size
50KB
-
MD5
cf78540b269e6a19af9cddf8da7f95eb
-
SHA1
0a6d185ac409e36511605e9d056b8af7bbc40cdb
-
SHA256
b7816bfc9667a38481a05ed89f3d4d46d6f1a0ad7b4282c656982a3ede890e24
-
SHA512
8fc62d9eb56eb9bee26184edde19db7ae4123a4608b6192c38f1d71826733522713c09a8f35962e72cd7d2851a186bc19d1c320b977446f882a038bf602378fd
-
SSDEEP
768:EDQ6R57QYZlWZfFKfNGfdaz5gBelje2jeX6J6W2QDXi94Kt4L:EDQm57hP0FMgwjPjG6J6dQyt
Score9/10-
Contacts a large (14896) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-