Extracted

• • Target

    g4za.mips

  • Size

    106KB

  • MD5

    de57dd44247f891ff0419d0678c14c08

  • SHA1

    fa23acde6f9e029c295b195fc253cbf505c7a7e9

  • SHA256

    301b58ae229d7e9e0be0363b81571f0704c9abd67738f0524ed69d52b1fff2eb

  • SHA512

    cc004d9767c6847a871d7d54fa35c48e9bbaff57e17b2c81331785c3bc2614e42a8f3ee1d780341c303524318b8c060bfe75e0675cb1005e57bd6714a67e77ec

  • SSDEEP

    3072:7gSfmqSBUF8kipNeRFGZNN47E17m86FnTPOvhu:dmqSBUF8kipcaNN47E17m8ET8hu

  Score

  9^/10

  credential_accessdefense_evasiondiscovery

  • Contacts a large (126141) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1