General

  • Target

    9b2c1555ec6fdf5ef324ae712df57e49ddbe66b821f437c9b7df37950ec2dbb6.elf

  • Size

    60KB

  • Sample

    250320-efbgrasxfs

  • MD5

    9b4de4d4341f1ea8f5ba6f0fcfb1bee8

  • SHA1

    200cec8d2413a153f3a11293f5b2451010f06474

  • SHA256

    9b2c1555ec6fdf5ef324ae712df57e49ddbe66b821f437c9b7df37950ec2dbb6

  • SHA512

    941eb58197b2f194874e9dc4027b5593526257c137c378246a232e2c44560ce09236a35ee10d67d1ba7acc408852b3fe61254dc8f1e702b7cc8d6c0d1f60e2ab

  • SSDEEP

    1536:2W7iFfylT3vVpLs8a7xZEtgRilzsuXPbbBR:V7iFknD6eIil4uXPb

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    BOTNET

Targets

    • Contacts a large (31083) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.