Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240418-en
  • resource tags

    arch:mipsel image:debian12-mipsel-20240418-en kernel:6.1.0-17-4kc-malta locale:en-us os:debian-12-mipsel system
  • submitted
    09-11-2024 17:07

General

  • Target

    main_mpsl.elf

  • Size

    58KB

  • MD5

    8bb8c61a30f302bdf8450b590465dae3

  • SHA1

    d526feeaa961567e19255b06aa597052a0df7472

  • SHA256

    99f2ca4702e6d82631935eecf366dcaecf48701216c15896761ff019647ee97c

  • SHA512

    144f3735053200d416692d410727c87bbc9d5af26c727e792fc8484849b6acbef674f34e96f2a9d2c482c860ab2ebfe890bd548f466428f1a3d7182f19ebf7ba

  • SSDEEP

    1536:eqsxT69k3x/rwjY6NgL6U28JBwrxLiipQeY9vCIB:WxT69kunfU28JGVLhQeY9zB

Score
10/10

Malware Config

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Deletes itself (1 IoC)
  • Changes its process name (1 IoC)
  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_mpsl.elf
    /tmp/main_mpsl.elf
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    • Writes file to tmp directory
    PID:744

Network

MITRE ATT&CK Matrix

Downloads

  • memory/744-1-0x00400000-0x00473d30-memory.dmp