Extracted

• • Target

    arm.elf

  • Size

    56KB

  • MD5

    cd0836bb76c0bd568a099e72ef83ffb3

  • SHA1

    5fd9da67c4a9bb21198ea620fbd8c88107f74af5

  • SHA256

    06cd477d71445530f3bb6ec717e553569719b20cdaac7243640a275f051af2d8

  • SHA512

    6efa322583111263f0b6a40e0d38fcf48f137b09cf0a6b46a3135a3ab285f9a14a8f45142b9f7182e80d9bb9b5af31df4106a89eae69d73fc21c45716608955c

  • SSDEEP

    1536:5Jh1jn5pDwijQ4bX4Hya5FMt5GljEi7sjVqXM:5Jh1TgsISagbGCKsjVWM

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (162426) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1