General

  • Target

    mpsl

  • Size

    224KB

  • Sample

    240823-xhdn1aserr

  • MD5

    8cbc07213d188fa1f656e48017de445d

  • SHA1

    7037caa0d9a61fb647031889d96b5c5721226f40

  • SHA256

    59da7bb077d1f1ece2e92b90ad6b12f132b18f265ced3f75ee372694f0198ccb

  • SHA512

    d7d02d21414564c148cd4bbc47f99a2854d98a2530317aa6465d40b648079ede13720de901dad5264a9eeb3142052bf22354c5b29d284e17e8961f45cd312339

  • SSDEEP

    6144:FV6Zda7JpRDIWU/9QpkWsYx0PzZSNdQ4PDkvgBWyle+glRzf2fEsZPrk29ODTb3l:z6OChdvHi5E

Score: 10/10

Malware Config

Targets

    Score: 9/10

    • Contacts a large number (877592) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes Audit logs

      Deletes logs related to the Linux Audit framework.

    • Deletes journal logs

      Deletes systemd journal logs. Likely to evade detection.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

MITRE ATT&CK Enterprise v15

Tasks