Analysis

  • max time kernel
    14678s
  • max time network
    18s
  • platform
    linux_mipsel
  • resource
    debian9-mipsel
  • submitted
    08-05-2021 13:10

General

  • Target

    loligang.mpsl

  • Size

    89KB

  • MD5

    d0581f69683111c9f21d18151f15e0e1

  • SHA1

    b51199b947f1274430bde1bd40d1986339ef9bc5

  • SHA256

    aebf23e5bbda598d5a0f8afa6e8a084a19f83f2b20730271557546db3d975ae4

  • SHA512

    0890a8ddddc813c33a8d4de73818bb38ae5a90272dcd80cb4d2c6b19cfe3d046a0f0e1cf95c74d7ab1e9d256559d08de269f338af329d920c0f617f165adfa10

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon (TTPs: 1)

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets (TTPs: 1, IoCs: 1)

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system network configuration (TTPs: 1, IoCs: 1)

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information (IoCs: 28)

    Reads data from /proc virtual filesystem.

Processes

  • ./loligang.mpsl
    PID: 313

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Impair Defenses (T1562): 1

  • Discovery

    System Network Connections Discovery (T1049): 1

    System Network Configuration Discovery (T1016): 1
