General
-
Target
nag.mpsl
-
Size
34KB
-
Sample
230429-1776paec6s
-
MD5
ce711144616b2d1038c9295fa6983f6b
-
SHA1
2517ed7a6d9802ca9ddcae6ee7f52b08b89b5eae
-
SHA256
14770cf045fc9861c065bedd807f03c552bd11de39e4253e0ef42fbf671ebf11
-
SHA512
b042938638a22ce8567b17e7fddaabc7e8a6f0fd6ebd64acab9f253bc9df7a3e397a6458f4d9d8bd7df633bec471d9d343d054dac36f1bc11bb0d9db4706fe2e
-
SSDEEP
768:mj9xqRjKJh1bXWJ1fflDYeO4yDHFx7+0kwzaEicYwiBJmUKOWG:y6RGxyJJflDYeR0b+T2aEDv0
Malware Config
Targets
-
Contacts a large number (36792) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Changes its process name
-
Deletes itself
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-