Extracted

• • Target

    g4za.arm.elf

  • Size

    86KB

  • MD5

    ffe5eaa7de5806728cc8832cf8355aac

  • SHA1

    4c4ca7084cea4f632b6303f540d79ad68d4cd6df

  • SHA256

    f0fe0f22eed4d6f489e626c4b224287063cc78c0bc05552d0df0f87849192d12

  • SHA512

    8b23f0dd80f42b346202d1aa9368201d115fb193f24d0b5f7b402972d4a9ac4540987698f49cb2822ac63e34a77cf9bdfa005f414e7fb9a156498a4710fc5afc

  • SSDEEP

    1536:j01gPv9OCDGQvZUsKmqx33eZtU5vWmFPNeiiW/cHvgi:j01gPv9sVx3wgFPNF1cl

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (125397) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1