Analysis

  • max time kernel
    131s
  • max time network
    151s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240226-en
  • resource tags

    arch:mipsel
    image:debian9-mipsel-20240226-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    16-12-2024 16:41

General

  • Target

    zmap.mpsl.elf

  • Size

    94KB

  • MD5

    d81e9564b8b9d62d70bda936d927d875

  • SHA1

    42706a08b0545984ed5a5cfbdff3fe2ab62ca552

  • SHA256

    c14fead55aee69ec760fdba5f5371922595ad9df3c7201feb088f322043def0d

  • SHA512

    282a8641c62e67b1bde30e1bfbd991493c38155b6dfdb5406a80d69b7b710bfe27fdbe5571363c3f55e2fbb0a447db3789c5609493e24daef3260c2d87417886

  • SSDEEP

    1536:IIdgIHlIodXYtj7eLM/eNLNnCt2ZIzAFy4JZ1BV6I5W/Cd:IIdgIHlIo4mLNCt2ZPFbJrYKd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs

Processes

  • /tmp/zmap.mpsl.elf
    /tmp/zmap.mpsl.elf
    • Deletes itself
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    PID:690

Network

MITRE ATT&CK Enterprise v15
