Extracted

• • Target

    55bb1f8005d2fa8d651b660d4244c862511ad4a087fc11e9f431bd46133a9557.elf

  • Size

    56KB

  • MD5

    83d821d592c4fad0de123fe807449a24

  • SHA1

    eb86a7be50032cd170f62bc4198dad8c28810276

  • SHA256

    55bb1f8005d2fa8d651b660d4244c862511ad4a087fc11e9f431bd46133a9557

  • SHA512

    aa0355643aff2acf5c7cb0e463147c841c50ba4f4aeac9cc36f9731936dc80a31b7f74e3291d7f42c0a5ad505926a5c5216b8e04ae2c25d2d890558152089ce9

  • SSDEEP

    1536:wNdu8t7tF7DaWr55qpQ1ya5Fet5GXsEoPO9VQ4uW:wNduYF7IyQaKbGP0O9VzuW

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (158497) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1