Extracted

• • Target

    a.elf

  • Size

    68KB

  • MD5

    e7f92c4e413c935c0a18829ec85f0628

  • SHA1

    5f9ca32a4e93a51ed8127dceb54e2e003d9cc015

  • SHA256

    656258b719c63b4436a318edf0602f200cb3207ec2c664fa4647352430baeda2

  • SHA512

    9f00d5e0dd1929d55d162d8d6e582ffce9fd75d8e17eae19f138f40ef0102cac87532dfd948cb10921b7f74650d6c11d04e7d3e4ceb272d867c615038eb5a32d

  • SSDEEP

    1536:eBYl8ZgUNE2QstBXXJff5KWq8M2hMze5qxOq5GzfnjOaAKbiA0:AMKgUNE2QsbXJ35I8M2hMze5qxOq5GzZ

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (209324) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1