Analysis
-
max time kernel
150s -
max time network
154s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
-
submitted
30/11/2024, 13:50
General
-
Target
loligang.mpsl.elf
-
Size
103KB
-
MD5
8a608a30b3bec3eb52a19a979e016c22
-
SHA1
03314f499acd0cd6bff02e091359bfa51eefdf11
-
SHA256
9ee1ffe3520dca4f434ae9cdd9bc0f6aa3dfab036a0928ac161a5290eb407e45
-
SHA512
f1d806a476d18321470cbb267348165a9ecc36d0d6988c1af441bb0dbeb4a129086a18bcf5ac757e55cdb0395f9e4bd7298f00fec7dfea43cce2abbf2699c0c9
-
SSDEEP
1536:d7fjpr4NEQu3p0ZwIGH5PbpTBRRtBeiZebzELYRiYp:d7fjpr53pndeis982
Malware Config
Signatures
-
Contacts a large (20505) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 45 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/loligang.mpsl.elf/tmp/loligang.mpsl.elf1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information