Extracted

• • Target

    nabarm7.elf

  • Size

    60KB

  • MD5

    e8a362d641d2e6731de6739d4d7fbacf

  • SHA1

    fb1f1f0c16c83d1ab1180c30148e5c8c0a3ea3d6

  • SHA256

    cac6898b9cb1e97496358cc433e8f2bbc028d06612cd8d4e2014e7c67f974e03

  • SHA512

    51f921ce1a3e4f0ddfd2011db1070b0eff254f3e410eeb96788acec78532893cc82925dd6db5c8d754c5241a9b2ac7129ba9668e99edf0b3cff3e28aa83c4206

  • SSDEEP

    1536:NNnP0a4ygi0cghk7e73TNnbnPL0jx0OqOllFKi7GahJK:Ma4ygi0vhv73TNbnPL0jx0CfGahk

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (14814) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1