Extracted

• • Target

    ab79176ab34c50a57366c4f304324fc6aa1eb88d01f3095de03be4cb4d6e1111.elf

  • Size

    41KB

  • MD5

    5bb49e8af8e266d807e30d1361da6f3a

  • SHA1

    be0f5cb88a09051245207147c5a23112135e72cf

  • SHA256

    ab79176ab34c50a57366c4f304324fc6aa1eb88d01f3095de03be4cb4d6e1111

  • SHA512

    ad564271d7ffc7e8a1d35b9fb2e5032a6e8375a1925ea13c869ff7a92e141918250a4c0bb327b3222ac5fa29dcf7f7a86760761fddecdc15a79634f1f0f59321

  • SSDEEP

    768:4wACtpMpoFH0ED+YLHdrkI1kbNBhy6OVP9NfWeOWGwXPbbBR:wCtSZW+Sdr3chROVjvOWXPbbBR

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (4799) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1