aebf23e5bbda598d5a0f8afa6e8a084a19f83f2b20730271557546db3d975ae4 | Triage

Sharing

General

Target

loligang.mpsl
Size

89KB
Sample

210508-xthylnn2kn
MD5

d0581f69683111c9f21d18151f15e0e1
SHA1

b51199b947f1274430bde1bd40d1986339ef9bc5
SHA256

aebf23e5bbda598d5a0f8afa6e8a084a19f83f2b20730271557546db3d975ae4
SHA512

0890a8ddddc813c33a8d4de73818bb38ae5a90272dcd80cb4d2c6b19cfe3d046a0f0e1cf95c74d7ab1e9d256559d08de269f338af329d920c0f617f165adfa10

Score

9^/10

linux

Malware Config

Targets

- Target
  
  loligang.mpsl
- Size
  
  89KB
- MD5
  
  d0581f69683111c9f21d18151f15e0e1
- SHA1
  
  b51199b947f1274430bde1bd40d1986339ef9bc5
- SHA256
  
  aebf23e5bbda598d5a0f8afa6e8a084a19f83f2b20730271557546db3d975ae4
- SHA512
  
  0890a8ddddc813c33a8d4de73818bb38ae5a90272dcd80cb4d2c6b19cfe3d046a0f0e1cf95c74d7ab1e9d256559d08de269f338af329d920c0f617f165adfa10
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3