Analysis
max time kernel: 39528s
max time network: 152s
platform: linux_mipsel
resource: debian9-mipsel-en-20211208
resource tags: arch:mipsel, image:debian9-mipsel-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 11/03/2023, 05:07
Static task: static1
Behavioral task: behavioral1
Sample: bok.mpsl-20230311-0506.elf
Resource: debian9-mipsel-en-20211208
General
Target: bok.mpsl-20230311-0506.elf
Size: 37KB
MD5: f13c3bf4881ff085ba27b92b641e6854
SHA1: 664b566e18ed9480d7720fa4b6d7ae7cf922fb33
SHA256: 5c6438c274682174a00a381ede0c3511f2b7f919887a63ced5798f69467511ec
SHA512: 1691ddef493e50638cff6bec3e7659384d3ca1a28365774b2a50457df9fba23b3fe1c46fb227d1f3925dbca73ffed84152de193e35c0c4b0498d9c54ad3b8ba4
SSDEEP: 768:VxJ06HVZmAcDS+3LJREz8CAoveorosRn4G5E0Z1mwgIRlLj5xhnIX1fWH:VnTHnmXScNREoCA4FBRn4/0ZoARlLj7h
Malware Config
Signatures
- Contacts a large (45874) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTP)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Reads runtime system information (64 IoCs)
  Reads data from the /proc virtual filesystem.
- Writes file to tmp directory (1 IoC)
  Malware often drops required files in the /tmp directory.
  description: /tmp/bok.mpsl-20230311-0506.elf
  ioc: /tmp/bok.mpsl-20230311-0506.elf
  process: bok.mpsl-20230311-0506.elf