General

  • Target

    mpsl.elf

  • Size

    111KB

  • Sample

    241221-xb62zawlhz

  • MD5

    ffbb7b2ef9a07c4dc7d6917ea074ac94

  • SHA1

    37d74c8556bf6e0a1c6c642aa328716d4d6c408e

  • SHA256

    6d86970fb5382352223a77426651efb670ec8d215db523de07d62d21cac9fe18

  • SHA512

    d8ff5442fa331993bf1a92406a3e69f0462c4b35d1cc94a3264f356dc55dbd85b227bcfc5019e33b74cf30bbaf32b832690e60b416ea61960a079cdad04adfd1

  • SSDEEP

    1536:EjNqYfvnf5wU5sw03TxP3HmbNILO8HIIXZRsvRT1Ss1EM:0UYfvnf5wU5HT8HIIXal1EM

Malware Config

Extracted

Family

mirai

Botnet

OWARI

Targets

    • Target

      mpsl.elf

    • Size

      111KB

    • MD5

      ffbb7b2ef9a07c4dc7d6917ea074ac94

    • SHA1

      37d74c8556bf6e0a1c6c642aa328716d4d6c408e

    • SHA256

      6d86970fb5382352223a77426651efb670ec8d215db523de07d62d21cac9fe18

    • SHA512

      d8ff5442fa331993bf1a92406a3e69f0462c4b35d1cc94a3264f356dc55dbd85b227bcfc5019e33b74cf30bbaf32b832690e60b416ea61960a079cdad04adfd1

    • SSDEEP

      1536:EjNqYfvnf5wU5sw03TxP3HmbNILO8HIIXZRsvRT1Ss1EM:0UYfvnf5wU5HT8HIIXal1EM

    • Contacts a large (48983) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks