General
-
Target
nabmpsl.elf
-
Size
51KB
-
Sample
250310-bdvwtsxly2
-
MD5
d73c770338042b8f503e54fd32541aad
-
SHA1
cdcd238715b649ad335b085141ce3b9943c6c4d9
-
SHA256
43e9eb915b547d4ff40678020a90e406176697f0a0f06982adf572896f8bb440
-
SHA512
b4785d734e3d354b0c4eb507c03a0fcfe88eed0741d4b0595bae599edb3ddeb09f6579a22d17cac6cb1187a35c10eff769c069fc586a39ae3572773a4986899e
-
SSDEEP
768:Q8mN65nxTY4WpetK3hLw2SM5tyeFEeWDeSamIj6oCXio4qNtq:Q8mN65n2j9wnMOQEvDzamIOo4N
Malware Config
Targets
-
-
Target
nabmpsl.elf
-
Size
51KB
-
MD5
d73c770338042b8f503e54fd32541aad
-
SHA1
cdcd238715b649ad335b085141ce3b9943c6c4d9
-
SHA256
43e9eb915b547d4ff40678020a90e406176697f0a0f06982adf572896f8bb440
-
SHA512
b4785d734e3d354b0c4eb507c03a0fcfe88eed0741d4b0595bae599edb3ddeb09f6579a22d17cac6cb1187a35c10eff769c069fc586a39ae3572773a4986899e
-
SSDEEP
768:Q8mN65nxTY4WpetK3hLw2SM5tyeFEeWDeSamIj6oCXio4qNtq:Q8mN65n2j9wnMOQEvDzamIOo4N
Score9/10-
Contacts a large (13695) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-