Extracted

• • Target

    apep.arm.elf

  • Size

    77KB

  • MD5

    749300bd794f718d78784b99e1a90923

  • SHA1

    0742bb4875c10c5a7e25dc72b0cb8d04283d9050

  • SHA256

    940509e3fcf5e592788d5dee549b023d3976d09d1f22182708774dc2354fcbf1

  • SHA512

    650f2eb431da1f8a3cff01362546777f8b04c7e0ed210e9ab71fb57ea014f476557a5d958972e966e1c2e84248d8f56bb6518501d4f60dd28374f710b9497be9

  • SSDEEP

    1536:dviSTWWo171yMft+sc9Wc5MSTWzsB+tCRcfC5ibApN2:dviSTIePSz4OyNXp

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (167112) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1