General
-
Target
ead9d3290c96e6b9dccc57160026c84c.bin
-
Size
44KB
-
Sample
240701-el4eqawaqb
-
MD5
50e2f859a437c0d1eda682eaed11f1e6
-
SHA1
48a71f6a1416d326374d7d7ea10740efa5c3d159
-
SHA256
d071915da340d66299ef5f1af8bcb5c398fbd0b753678411e85ee6ac91a60528
-
SHA512
c892b7e2a1769ad89714b55541cd74a0f2aef5c041f308c5378ec6c1ff187670d23e014d8f816aed46e5ae41f31630171bc8303238c01b8688f0bdc6dd26bc64
-
SSDEEP
768:LZpnxca7MvZeBEp1cd5q6IIrI9Hc6PJZSh9Of0QrV+ZXIQSl+T00rqDnfSE:rnxchReSjcd1rSc6xIjOX8dIQBxmf
Static task
static1
Behavioral task
behavioral1
Sample
adf9e44d80c9d77c6ff1e9c3c96eb022ccfbec2ad2714d1b4e2e8cfa1ee9c60d.elf
Resource
debian12-armhf-20240418-en
Malware Config
Targets
-
-
Target
adf9e44d80c9d77c6ff1e9c3c96eb022ccfbec2ad2714d1b4e2e8cfa1ee9c60d.elf
-
Size
82KB
-
MD5
ead9d3290c96e6b9dccc57160026c84c
-
SHA1
0d8c26b3a30afa759e62c16f5251f64f2401d803
-
SHA256
adf9e44d80c9d77c6ff1e9c3c96eb022ccfbec2ad2714d1b4e2e8cfa1ee9c60d
-
SHA512
e2673ada3b76c78b1f97881805a0ffadae4179d56c13c65ce31ac6ad5cba5874ee404ba0376bc90fbe11075b799976048e049509a5f26168d68204a934fd8fc9
-
SSDEEP
1536:opnZ8fsdCalVGTMssjrRZ61SoGYJbMB13hcdVO9lwwi4AfnaBV:sZdCEbseFI1So/bMB13hc7qAfnar
Score
9/10
-
Contacts a large (75080) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-