General

  • Target

    mpsl.elf

  • Size

    102KB

  • Sample

    241219-ta2t3svlft

  • MD5

    7685278d890ff333795359ac7b55f89b

  • SHA1

    542d65e4d37711ae7bb465969590f194db874764

  • SHA256

    bd0d519784f75d0ba59611dbfb3d97cf172a1e4be8f1f98c5ff9dcf7ba386f75

  • SHA512

    6f6345fc3323ce77f20e191d3e519041833eb7683b9c2074a07b85fcbbe72ad69cce2125a4c998665b4b5e69920efd739f9506ef8c1bb6f1b9965577ff5ee8cd

  • SSDEEP

    1536:CBU/Ehehzdbw0vX9xPlzgdtxJUBr9eCwACZpEAIKYR1l:CG/EhehzaFtxtCwACFU1l

Malware Config

Extracted

Family

mirai

Botnet

OWARI

Targets

    • Contacts a large (49613) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
