Analysis
max time kernel: 25165s
max time network: 152s
platform: linux_mipsel
resource: debian9-mipsel-en-20211208
resource tags: arch:mipsel, image:debian9-mipsel-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 25/09/2022, 23:32
Static task: static1
Behavioral task: behavioral1
  Sample: ak.mpsl-20220925-2331.elf
  Resource: debian9-mipsel-en-20211208
General
Target: ak.mpsl-20220925-2331.elf
Size: 37KB
MD5: c84c764cae04dc30e0838344f2cd70e5
SHA1: b83fd603ebba46b1764ca0c1b967bdbb231ba427
SHA256: c9c53ef62c88cabd74a03bd4038da9a194c2d4783e12652cd3896b9fbcf3eff3
SHA512: 914511dffb35a13694e2b3ca1f462df123855eb79a96620d0beaca29a1b4662980e8403c9e491e8f4ce1564e5809e2c76b792f9a397247b309071bad9e896116
SSDEEP: 768:MvIDEMi82jtPpIX4IPJCSQKCSFfdOuQcnyz0fFidAQ9toNyMUWY:MvIYMX2Jk4+Q1S1d8cnyzyFHQSg
Malware Config
Signatures
- Contacts a large (45747) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
  description / ioc (the description and ioc columns hold the same path on every row):
  /proc/423/cmdline
  /proc/432/cmdline
  /proc/260/cmdline
  /proc/307/cmdline
  /proc/337/cmdline
  /proc/379/cmdline
  /proc/411/cmdline
  /proc/364/cmdline
  /proc/375/cmdline
  /proc/381/cmdline
  /proc/399/cmdline
  /proc/369/cmdline
  /proc/372/cmdline
  /proc/401/cmdline
  /proc/408/cmdline
  /proc/76/cmdline
  /proc/221/cmdline
  /proc/343/cmdline
  /proc/363/cmdline
  /proc/391/cmdline
  /proc/11/cmdline
  /proc/340/cmdline
  /proc/345/cmdline
  /proc/377/cmdline
  /proc/23/cmdline
  /proc/18/cmdline
  /proc/389/cmdline
  /proc/390/cmdline
  /proc/8/cmdline
  /proc/37/cmdline
  /proc/17/cmdline
  /proc/73/cmdline
  /proc/353/cmdline
  /proc/388/cmdline
  /proc/352/cmdline
  /proc/396/cmdline
  /proc/422/cmdline
  /proc/14/cmdline
  /proc/20/cmdline
  /proc/74/cmdline
  /proc/306/cmdline
  /proc/251/cmdline
  /proc/252/cmdline
  /proc/348/cmdline
  /proc/373/cmdline
  /proc/326/cmdline
  /proc/367/cmdline
  /proc/9/cmdline
  /proc/72/cmdline
  /proc/77/cmdline
  /proc/235/cmdline
  /proc/300/cmdline
  /proc/397/cmdline
  /proc/431/cmdline
  /proc/3/cmdline
  /proc/4/cmdline
  /proc/7/cmdline
  /proc/10/cmdline
  /proc/351/cmdline
  /proc/407/cmdline
  /proc/269/cmdline
  /proc/357/cmdline
  /proc/370/cmdline
  /proc/16/cmdline
- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  description: /tmp/ak.mpsl-20220925-2331.elf
  ioc: /tmp/ak.mpsl-20220925-2331.elf
  Process: ak.mpsl-20220925-2331.elf