Extracted

• • Target

    g4za.arm7.elf

  • Size

    163KB

  • MD5

    5b5b105a659c595a40ee2967b5ca706a

  • SHA1

    46be3e7bd1a7d9863c52f21cdb7bc7810e0819ea

  • SHA256

    b02aa7761baea80255a2b1ff688bd55d6af539d5acf39dd02d2607e9e13a3bd6

  • SHA512

    db68b2f18a5d068d5a3cac150b862f74ff8e0391260c398e831eb4b2f4b35856dcaaa8ad4e2c01a7695e735116de7c63e30c3264a5ffbc6e54530f75aec72926

  • SSDEEP

    3072:YsfvqoYF/VrhMZofKPaC+LKWK6nTUCo4MbPbFJJM/9YM:Ysf/YF/kSyPaC+LKWdnEPbPbFrM/9YM

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (125491) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1