Analysis
- max time kernel: 24933s
- max time network: 152s
- platform: linux_mipsel
- resource: debian9-mipsel-en-20211208
- resource tags: arch:mipsel, image:debian9-mipsel-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 23/09/2022, 07:10
Static task: static1
Behavioral task: behavioral1
- Sample: ak.mpsl-20220923-0709.elf
- Resource: debian9-mipsel-en-20211208
General
- Target: ak.mpsl-20220923-0709.elf
- Size: 37KB
- MD5: fdba94434e54cb58b2de87567630f1b8
- SHA1: 600519dd3841e247269bbe096b80a02cf2c26209
- SHA256: 2ce5bb314aea583de629b0cfc3e0b8b29df6790f7b819f8fc4ef9019f38e51b0
- SHA512: fb08df4703414b71832dda77b30e254b800d68a1deb93c32ad68b7d6eb29683c7d90ce7f71722280c6ca70e40c15287c9fe18e5ac70a734c24914286524fcefd
- SSDEEP: 768:Xk9Hnr7+LtW0x9IYBXrf0cN4rWewXdbLQw+y+nBa02uWoA:01nrOt5xr4rWeSdfQXymBaL
Malware Config
Signatures
- Contacts a large (46064) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
  description / ioc (identical in every row):
  /proc/410/cmdline /proc/114/cmdline /proc/378/cmdline /proc/389/cmdline /proc/4/cmdline /proc/18/cmdline /proc/415/cmdline /proc/19/cmdline
  /proc/333/cmdline /proc/385/cmdline /proc/387/cmdline /proc/36/cmdline /proc/376/cmdline /proc/382/cmdline /proc/420/cmdline /proc/71/cmdline
  /proc/363/cmdline /proc/400/cmdline /proc/13/cmdline /proc/146/cmdline /proc/372/cmdline /proc/17/cmdline /proc/398/cmdline /proc/418/cmdline
  /proc/216/cmdline /proc/321/cmdline /proc/2/cmdline /proc/5/cmdline /proc/6/cmdline /proc/279/cmdline /proc/354/cmdline /proc/373/cmdline
  /proc/350/cmdline /proc/408/cmdline /proc/422/cmdline /proc/10/cmdline /proc/12/cmdline /proc/244/cmdline /proc/430/cmdline /proc/105/cmdline
  /proc/374/cmdline /proc/426/cmdline /proc/390/cmdline /proc/406/cmdline /proc/73/cmdline /proc/156/cmdline /proc/337/cmdline /proc/371/cmdline
  /proc/414/cmdline /proc/11/cmdline /proc/15/cmdline /proc/343/cmdline /proc/20/cmdline /proc/22/cmdline /proc/377/cmdline /proc/77/cmdline
  /proc/349/cmdline /proc/429/cmdline /proc/70/cmdline /proc/276/cmdline /proc/251/cmdline /proc/384/cmdline /proc/428/cmdline /proc/21/cmdline
- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  description                      ioc                              Process
  /tmp/ak.mpsl-20220923-0709.elf   /tmp/ak.mpsl-20220923-0709.elf   ak.mpsl-20220923-0709.elf