Overview

overview

9

Static

static

1

bok.mpsl.elf

debian-9-mipsel

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bok.mpsl.elf

  • Size

    37KB

  • Sample

    230312-ej3qeacf36

  • MD5

    d08dc70513143cc61c8ba737f53bb0b0

  • SHA1

    e037f75afc2489c9a942f35aa4c2d1d472bad721

  • SHA256

    6dd01c696ba79ffd5fd600d18dd464a7d85534148aff25bed370ed90ec025423

  • SHA512

    ab07d75dca65cfc59655d03a6cfd60127a37d6ececd9bafb5538c46f13c478bb9d180a675d8bc550d89080204a537546f61b590f20d19bba353e88480973c716

  • SSDEEP

    768:wxJ06HVZmAcDS+3LJREz8CAoveorosRn4G5xKph7Kb4pdWw+wDPxWU:wnTHnmXScNREoCA4FBRn41PdswDPX

Score
9/10
discovery

Malware Config

Targets

    • Target

      bok.mpsl.elf

    • Size

      37KB

    • MD5

      d08dc70513143cc61c8ba737f53bb0b0

    • SHA1

      e037f75afc2489c9a942f35aa4c2d1d472bad721

    • SHA256

      6dd01c696ba79ffd5fd600d18dd464a7d85534148aff25bed370ed90ec025423

    • SHA512

      ab07d75dca65cfc59655d03a6cfd60127a37d6ececd9bafb5538c46f13c478bb9d180a675d8bc550d89080204a537546f61b590f20d19bba353e88480973c716

    • SSDEEP

      768:wxJ06HVZmAcDS+3LJREz8CAoveorosRn4G5xKph7Kb4pdWw+wDPxWU:wnTHnmXScNREoCA4FBRn41PdswDPX

    Score
    9/10
    discovery

    • Contacts a large (45937) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks