Extracted

• • Target

    0ec219b2e192aff5aad4f2c61d1757f88e5720808cd676605e39cc32d7185963.elf

  • Size

    36KB

  • MD5

    ba61a8db7067852ac05acb4c61b3fb8b

  • SHA1

    3420056e5e33bde3325e2ef13fc48c00d4096eb2

  • SHA256

    0ec219b2e192aff5aad4f2c61d1757f88e5720808cd676605e39cc32d7185963

  • SHA512

    e17c65784b012182dfbac300382b294b01a72e0bed1acafe170db82e757ea5ead3b5737c931aebf1fac83392652d7b37224fb5ef26a1e0ed520b18bdf819b4fd

  • SSDEEP

    768:Mtpf4yjepoCyNjwxBbPct5YUIlP4XEA7bNPMfA9tbU6IL4C:8f4yC+NUxB7ct5IPQEmMI9tJ/

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (14799) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1