Extracted

• • Target

    nabarm5.elf

  • Size

    36KB

  • MD5

    60dcb6b17e4c2bfe8538c546e0891790

  • SHA1

    fa479fa7ca6381d2ffeea8ae216c0fc599069850

  • SHA256

    b97d3b2d55c0a8fc873da4accd60f26d45031d4a1f45d9cefdac7350bba9dc35

  • SHA512

    c3c8381f3ebf9a281b706d144219fb392df46756f9f40f0526fed0ff0c9e9e67e5073f43a14b1139991313d615cde048ef0288c63a5cfc6e44a19249eaf9603a

  • SSDEEP

    768:6tpf5yjepoCyNjwxBbPct5sUIlP4XEA7bNPMfA9tbU6IL4C:2f5yC+NUxB7ct5kPQEmMI9tJ/

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (14510) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1