Extracted

• • Target

    df42267c56c5e4d6980430310822574c57c1a50267ae552131b20f08539ee9a4.elf

  • Size

    55KB

  • MD5

    2c50e901d5c7f4f142f37de3b2db9e0c

  • SHA1

    d9ee27dedfc686b44b33b5a968624fc51326301d

  • SHA256

    df42267c56c5e4d6980430310822574c57c1a50267ae552131b20f08539ee9a4

  • SHA512

    a1bfb4b1272ce3e830db6d9a630525fd7a8d2e14a44cd604a2a2f6ffb4194d43bf82aa156ddac0cf50fa3bf65ec00687dd97dc7b33122bfa42d3a30765567ac0

  • SSDEEP

    1536:5lCCL9C0ibysVIwfcya5FKtt5ATYUIDV+5:5lCCcPraetbM3IDVk

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (62075) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1