Extracted

• • Target

    jklmpsl.elf

  • Size

    74KB

  • MD5

    a58df786a2a34dc0fb80679fc1f209da

  • SHA1

    4752abbcb5a0d99cb871dad0781bb3cd03d66fc9

  • SHA256

    86c056be36634614be66908d7f0972d73bb765bad533391385adf9656ac0151e

  • SHA512

    586e93b20b04b5a92e7a7004be40eac1c6d757add14df910513b39882c83c4be2eb5715dd94f259c99ab2aca04c9e30fad215864c8db4da301753bb0fdab1730

  • SSDEEP

    1536:H49Yx29ya5tVgVkxccxRAMiBZBA0s/kdyvcC:HAM29ya5tBcisx

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (147437) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1