General
-
Target
d062f272fc6c0dfafbe1e5f36191f0806685c7331a06a4728e153953d512df31.elf
-
Size
50KB
-
Sample
250308-q7s2naxzft
-
MD5
234e1f7d3eb2f996d2db9d7fc998fe98
-
SHA1
ff06b027a462f1e7295e6b85762e331554fc7586
-
SHA256
d062f272fc6c0dfafbe1e5f36191f0806685c7331a06a4728e153953d512df31
-
SHA512
87270432a2025637fcf9bf6bcb747334adadd7000f5adb8a505f7aa1deea58f203ba98bd57acacc43c4d7587dffbebed65326bb17cb9f52322f24c65cba1239a
-
SSDEEP
768:YF8t7FeD2dgjFlA3J9YbpVJnicUnvBwDsi1VJJwdwewxawywtawQj4YwQn7dxr9x:My7Fs2e8uwnGcj4E7dxhkRE1Tu60Vi
Malware Config
Targets
-
-
Target
d062f272fc6c0dfafbe1e5f36191f0806685c7331a06a4728e153953d512df31.elf
-
Size
50KB
-
MD5
234e1f7d3eb2f996d2db9d7fc998fe98
-
SHA1
ff06b027a462f1e7295e6b85762e331554fc7586
-
SHA256
d062f272fc6c0dfafbe1e5f36191f0806685c7331a06a4728e153953d512df31
-
SHA512
87270432a2025637fcf9bf6bcb747334adadd7000f5adb8a505f7aa1deea58f203ba98bd57acacc43c4d7587dffbebed65326bb17cb9f52322f24c65cba1239a
-
SSDEEP
768:YF8t7FeD2dgjFlA3J9YbpVJnicUnvBwDsi1VJJwdwewxawywtawQj4YwQn7dxr9x:My7Fs2e8uwnGcj4E7dxhkRE1Tu60Vi
Score9/10-
Contacts a large (11896) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-