Extracted

• • Target

    a7b04de90cab3b5aaa1f510aa9f2895f7b9fe9d12f7e07d6bf470ddff13f3cdc.elf

  • Size

    74KB

  • MD5

    c2a9f283ca96c3782ba52fcfb9b96d7c

  • SHA1

    fee2094b5ba28019c0a737b429360a138a5e663e

  • SHA256

    a7b04de90cab3b5aaa1f510aa9f2895f7b9fe9d12f7e07d6bf470ddff13f3cdc

  • SHA512

    2d7abb34e95d07f41b0ec6d563e015b7110bd3a78aac6d248cac75a38b9f3ec3b147b74d80e0fb453f8067b4fd2d2139feb49b8f0317839c0d97118cd7da10f4

  • SSDEEP

    1536:LWRjo2iV+GhVYEaMltNsRS1giSyJRNERHdXh/e:LGE2iV+GhFtNK9

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (54423) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1