Analysis
max time kernel: 32s
max time network: 38s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 14-04-2024 15:05
General
Target: mpsl
Size: 33KB
MD5: bf258297d167054f2e6eb0663ec8112e
SHA1: b8c339df5c160fefd0d074f38090e4f7bb6c7f7f
SHA256: 396727615b18e1cb701c77fd5c85d7f33734ced97a9ecd930cc4d5c9590b3d01
SHA512: ba01240a4ebe685a58b232ebea07320cab6572dbd6ae848e9fb09dfccbff7618f534577cf7cd6e968c499f16ea84203053471fe035434238aea8452059fa950f
SSDEEP: 384:ej1iuHGHYf5iuK/qSY6ZFTMLRisYOee0Cr3LWL59AlLDvX9QDB0EG7jD+QBTmixW:eBHb5iuKpiYORpWoZTaojjTpH3WJ
Malware Config
Extracted
Family: mirai
Botnet: MIRAI
Signatures

Changes its process name 1 IoCs
Processes: mpsl
description | ioc | pid | process
Changes the process name, possibly in an attempt to hide itself | m0434pgl0bp8nm5at16a | 726 | mpsl

Deletes itself 1 IoCs
Processes: mpsl
pid | process
726 | mpsl

Processes:
description | ioc
File deleted | /var/log/journal/edeb2f80f756429c9aae366fe5ab23dd/system.journal

Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes: mpsl
description | ioc | process
File opened for modification | /dev/watchdog | mpsl
File opened for modification | /dev/misc/watchdog | mpsl
Downloads
memory/726-1-0x00400000-0x00464c60-memory.dmp