Extracted

• • Target

    bde633cd452fed01853c937dc5393cd8580d7ebfccdae3df9260e38d051aba8a.elf

  • Size

    78KB

  • MD5

    94a09ed2ea88808c8cd5652d3f9b9926

  • SHA1

    f543a5233813c5e064f1e59ccb5b1d0cfa022fbb

  • SHA256

    bde633cd452fed01853c937dc5393cd8580d7ebfccdae3df9260e38d051aba8a

  • SHA512

    4622ed6b0ec8ad03c09fec7a7ce2e34914549c0f9a5c9a1b009b7907954659128f3af0c0ab6d170abec2734b83f396abaefd467ddba89ee568e708d1a6aaa405

  • SSDEEP

    1536:FxnQlhrVZoKlI8Kviaw4oRnXp9t4KBfpAL6TgRp9dqCcQndlNci7u1yce:khhZi8Kviaw40nX+KBfpIIgRp9dqCB1H

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (168673) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1