General

  • Target

    TRC.mpsl.elf

  • Size

    103KB

  • Sample

    241214-vxjsfsypaz

  • MD5

    f028cd670af125ec27fdb6b33d501eb1

  • SHA1

    937a55bd605bb116485e9482614de6482790ca26

  • SHA256

    4802abc59f6a6fb19007440e97ab34e5623218a84f6f66e2fcd0162f32dde954

  • SHA512

    e66fd59e770641b712ea7253ee741e8bb6db0d328be699e374be086f65bd2c5bca8d461aeb9ae3403f2e15b4fba3e9a190abc7caa32d499c900df0dfcc7bc56d

  • SSDEEP

    1536:/lIfNr1NXwQNYQwYfCswPOA53LX7UXbjZjVDoilg:tIfjNkCZbj

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    MIRAI

Targets

    • Target

      TRC.mpsl.elf

    • Contacts a large (17029) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
