Extracted

• • Target

    e2f8212e25b5c981e0be92428f013b289c4e2af6198d8414ed91c343ee1987df.elf

  • Size

    55KB

  • MD5

    13646cedba2b07cac40f1722c5ef9bb1

  • SHA1

    32ed76ad7e47f7919f7c8909321645cdcfeabe8b

  • SHA256

    e2f8212e25b5c981e0be92428f013b289c4e2af6198d8414ed91c343ee1987df

  • SHA512

    ce7bc090d5266283748f16be2b434a85a43ed5dff513d762653afc365872a360611fbd0dbfbce0628794d26e3a1a7a0a319c5039b74f74db7996acf5a864ed87

  • SSDEEP

    1536:tlCm3lC0+fygNDYPcya5F+tt5qTMwUXVaWw:tlCmk0raCtba3UXVvw

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (154676) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1