General

  • Target

    bk.mpsl.elf

  • Size

    37KB

  • Sample

    220926-z7bbaacac2

  • MD5

    fe355a215c195a9c8fea25c8cae76786

  • SHA1

    1d3802db77758daf84891afc4d052f0a3a838193

  • SHA256

    54b871237fc4a0a39078bc4d4d330953f3550de3714dc49ee94fd0d1454ca85d

  • SHA512

    1d8741cf45224c70695f0f16f895ac6351c0d924edbd07747da0a8a8a086476fe3ceea2c489ae145da787fbba94653076281e18e9cb75e1051b502785e4366c2

  • SSDEEP

    768:+KVT2899tdlMmXBZe8s4Cc0xg9RCreJElGnDM5TWb8:zVa69qmX/2kefreJEUDo5

Score
9/10

Targets

    • Contacts a large (44537) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
