Malware Analysis Report

2024-11-13 18:02

Sample ID 241109-vmze6a1nbj
Target main_mpsl.elf
SHA256 99f2ca4702e6d82631935eecf366dcaecf48701216c15896761ff019647ee97c
Tags
upx mirai botnet discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

99f2ca4702e6d82631935eecf366dcaecf48701216c15896761ff019647ee97c

Threat Level: Known bad

The file main_mpsl.elf was found to be: Known bad.

Malicious Activity Summary

upx mirai botnet discovery

Mirai

Mirai family

Deletes itself

UPX packed file

Changes its process name

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-09 17:07

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 17:07

Reported

2024-11-09 17:09

Platform

debian12-mipsel-20240418-en

Max time kernel

151s

Max time network

154s

Command Line

[/tmp/main_mpsl.elf]

Signatures

Mirai

botnet mirai

Mirai family

mirai

Deletes itself

Description Indicator Process Target
N/A N/A /tmp/main_mpsl.elf N/A

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself httpd /tmp/main_mpsl.elf N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/exe /tmp/main_mpsl.elf N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/main_mpsl.elf /tmp/main_mpsl.elf N/A

Processes

/tmp/main_mpsl.elf

[/tmp/main_mpsl.elf]

Network

Country Destination Domain Proto Count
DE 185.78.76.132:1995 - tcp 2
US 1.1.1.1:53 debian12-mipsel-20240418-en-4 udp 4
DE 185.78.76.132:1995 - tcp 139

(Identical consecutive connection rows from the original table are collapsed into one row each, with the number of occurrences in the Count column; 141 TCP connections to 185.78.76.132:1995 and 4 UDP DNS queries to 1.1.1.1:53 in total.)

Files

memory/744-1-0x00400000-0x00473d30-memory.dmp