Analysis
max time kernel: 14678s
max time network: 18s
platform: linux_mipsel
resource: debian9-mipsel
submitted: 08-05-2021 13:10
Static task: static1
Behavioral task: behavioral1
Sample: loligang.mpsl
Resource: ubuntu-amd64
Behavioral task: behavioral2
Sample: loligang.mpsl
Resource: debian9-mipsel
Behavioral task: behavioral3
Sample: loligang.mpsl
Resource: debian9-mipsbe
General
Target: loligang.mpsl
Size: 89KB
MD5: d0581f69683111c9f21d18151f15e0e1
SHA1: b51199b947f1274430bde1bd40d1986339ef9bc5
SHA256: aebf23e5bbda598d5a0f8afa6e8a084a19f83f2b20730271557546db3d975ae4
SHA512: 0890a8ddddc813c33a8d4de73818bb38ae5a90272dcd80cb4d2c6b19cfe3d046a0f0e1cf95c74d7ab1e9d256559d08de269f338af329d920c0f617f165adfa10
Malware Config
Signatures
Modifies the Watchdog daemon (1 TTPs)
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.

Reads runtime system information (28 IoCs)
Reads data from /proc virtual filesystem.