Extracted

• • Target

    914ea1749e5b132c5a6e7e7c224a7065a02cbdcda91f43fbfbae8bb4b637c170.elf

  • Size

    5.1MB

  • MD5

    00d3aeb1eef55a92d8d91a4f404334c6

  • SHA1

    af39f4f9421d4329793ae8d417c9298c8191c387

  • SHA256

    914ea1749e5b132c5a6e7e7c224a7065a02cbdcda91f43fbfbae8bb4b637c170

  • SHA512

    ac5f1a9879da4695a0f8817415f4e4410d67890a92edd9533435d040a76d9a1d3f6aeb5cf5bedba846858d6a09998b7533f2c094baabd0d86f711572290a09fb

  • SSDEEP

    49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvVlrzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXqL

  Score

  9^/10

  defense_evasiondiscoveryexecutionpersistenceprivilege_escalationransomware

  • Renames multiple (1004) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Executes dropped EXE

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    executionpersistenceprivilege_escalation

  • Creates/modifies environment variables

    Creating/modifying environment variables is a common persistence mechanism.

    persistenceprivilege_escalationdefense_evasion

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Modifies init.d

    Adds/modifies system service, likely for persistence.

    persistence

  • Modifies systemd

    Adds/ modifies systemd service files. Likely to achieve persistence.

    persistenceprivilege_escalation

  • Write file to user bin folder

    persistence

  • Modifies Bash startup script

    persistence
  behavioral1