Extracted

• • Target

    xd.mpsl.elf

  • Size

    31KB

  • MD5

    9b73eb8559c4fd0e08ff4633ad6e3ea9

  • SHA1

    ac67015a4818aee4716952357b6ea54f128474d5

  • SHA256

    a7a63f861864ca132089d86bd050bd692f0f2c1d204ce12f7622f74ff133521a

  • SHA512

    5f21c3d51ff22e45ead4d91c9bd093e542742da3e0e332f2c175e39be9eb22ab6c1cd16d58874db07753b83298010a584146aad1dcf8b5a6fad5a94cbd4a5cba

  • SSDEEP

    384:X3fpCLrsjHIX69URc+hmnulY1qHprFKt6zhS45vDajssVwf8ynUAVa39RWGVCz09:nfpWcehzJFYKgULAssKfFBa3LWS

  Score

  10^/10

  mirailzrdbotnetdefense_evasiondiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (20776) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1