General
-
Target
loligang.mpsl
-
Size
89KB
-
Sample
210508-xthylnn2kn
-
MD5
d0581f69683111c9f21d18151f15e0e1
-
SHA1
b51199b947f1274430bde1bd40d1986339ef9bc5
-
SHA256
aebf23e5bbda598d5a0f8afa6e8a084a19f83f2b20730271557546db3d975ae4
-
SHA512
0890a8ddddc813c33a8d4de73818bb38ae5a90272dcd80cb4d2c6b19cfe3d046a0f0e1cf95c74d7ab1e9d256559d08de269f338af329d920c0f617f165adfa10
Static task
static1
Behavioral task
behavioral1
Sample
loligang.mpsl
Resource
ubuntu-amd64
Behavioral task
behavioral2
Sample
loligang.mpsl
Resource
debian9-mipsel
Behavioral task
behavioral3
Sample
loligang.mpsl
Resource
debian9-mipsbe
Malware Config
Targets
-
-
Target
loligang.mpsl
-
Size
89KB
-
MD5
d0581f69683111c9f21d18151f15e0e1
-
SHA1
b51199b947f1274430bde1bd40d1986339ef9bc5
-
SHA256
aebf23e5bbda598d5a0f8afa6e8a084a19f83f2b20730271557546db3d975ae4
-
SHA512
0890a8ddddc813c33a8d4de73818bb38ae5a90272dcd80cb4d2c6b19cfe3d046a0f0e1cf95c74d7ab1e9d256559d08de269f338af329d920c0f617f165adfa10
Score9/10-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-