Extracted

• • Target

    e98bb85e62e8f36b216d399715963ab80b8ba269e6131b8cb158fd9ef593aee8.elf

  • Size

    55KB

  • MD5

    d17c759bcd89675f7781f21088898ddc

  • SHA1

    3c2b80ee94c8d5d8b5de9d70512c809bae0825d7

  • SHA256

    e98bb85e62e8f36b216d399715963ab80b8ba269e6131b8cb158fd9ef593aee8

  • SHA512

    23cbed514c7968b2a45aa90e7bf0d64607edb7cc7b807830296d8237c15bd90cc627a07301a3651fa6d8ef7f803e10364b07134921e8ba18a2dcd888c0204022

  • SSDEEP

    1536:rd1UhwH0Oo6AIX4Syya5FIt5OTusy9V/a3:rd1Uhw9BJaUbuty9Vi3

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (66065) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1