Extracted

• • Target

    f135cf3046be829d6f1b7ef020c5dd9eca385aed561d782f8b4d03220a2a833d.elf

  • Size

    74KB

  • MD5

    1c913df2ef682efc1d4a95fa390b0dc3

  • SHA1

    8e8897e8b47fe1f1223a7beb4d59b0cc38a1ba9f

  • SHA256

    f135cf3046be829d6f1b7ef020c5dd9eca385aed561d782f8b4d03220a2a833d

  • SHA512

    837ff38cce50f15ef19734a65a3474065e8db3dc58fbdb48675fc305575e9da8796a7c3ead521508128d71e4a4e188311ebd5fbde686018d1e87a9892c0b0a9d

  • SSDEEP

    1536:H49Yx29ya5tVgVkxNcxRAMiBZBA0s/kdyvcC:HAM29ya5tBNisx

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (65212) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1