Analysis
max time kernel: 152s
max time network: 163s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 09-12-2024 16:00
Behavioral task: behavioral1
Sample: sora.mpsl.elf
Resource: debian12-mipsel-20240221-en
General
Target: sora.mpsl.elf
Size: 79KB
MD5: f38da917978d88855ecf8da376ddca08
SHA1: 80875703d185d63d9c50bb769f713792b36e0f12
SHA256: 636f2bb514e461c2914afa64f05550d18579e58d0404a2f914449068f9ed6f86
SHA512: 21a4d364c11420f163d08780d868a6d067025a1ec01bf10ed64f33d02726c89971375f06aaaa1d5be12639457776d6ae0b389f3fdca14d805b473376a1cbf7d7
SSDEEP: 1536:SuSFceW8JP33UBLwYpWoPPcsVsSbBD1OVeBSFR:/SqeT3EB8M1Of
Malware Config
Signatures

Contacts a large (17703) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
File opened for modification: /dev/watchdog (Process: sora.mpsl.elf)
File opened for modification: /dev/misc/watchdog (Process: sora.mpsl.elf)

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
File opened for reading: /proc/net/tcp (Process: sora.mpsl.elf)

Enumerates running processes
Discovers information about currently running processes on the system

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
File opened for reading: /proc/net/tcp (Process: sora.mpsl.elf)