6af1aed67c38f6e2a207c731347ecb984d8545ea7d2a4e2811f3e81702b3a889

Analysis

max time kernel
1s
max time network
5s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
27-12-2024 13:15

Sharing

Copy URL

Twitter E-mail

Reason

Reading agent response: unexpected EOF

Report Analysis Logs

General

Target

byte.mpsl.elf
Size

106KB
MD5

5eb2edce17e55a31ffa388ae08ba6245
SHA1

79f5b95ccb89ec9375e083e2e78d8cffa107ab40
SHA256

6af1aed67c38f6e2a207c731347ecb984d8545ea7d2a4e2811f3e81702b3a889
SHA512

3dab64074597cd55ace8ba99c8f117fef32bedc4ae1376d7388d3122a5f297b4290a854329d34967fdcbcedddbecddc0aa1cf4503352ab70be38f84a2b9215a4
SSDEEP

1536:EiuIJqfyQd84UB/Qc857JAZ559xWcfZcKalcMbl61d6kGGflDa:/ugqfyQdDu59jfpo4HGO1a

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	byte.mpsl.elf
File opened for modification	/dev/misc/watchdog	byte.mpsl.elf

Reads runtime system information 14 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/12/cmdline	byte.mpsl.elf
File opened for reading	/proc/13/cmdline	byte.mpsl.elf
File opened for reading	/proc/5/cmdline	byte.mpsl.elf
File opened for reading	/proc/6/cmdline	byte.mpsl.elf
File opened for reading	/proc/7/cmdline	byte.mpsl.elf
File opened for reading	/proc/9/cmdline	byte.mpsl.elf
File opened for reading	/proc/10/cmdline	byte.mpsl.elf
File opened for reading	/proc/11/cmdline	byte.mpsl.elf
File opened for reading	/proc/1/cmdline	byte.mpsl.elf
File opened for reading	/proc/2/cmdline	byte.mpsl.elf
File opened for reading	/proc/3/cmdline	byte.mpsl.elf
File opened for reading	/proc/14/cmdline	byte.mpsl.elf
File opened for reading	/proc/4/cmdline	byte.mpsl.elf
File opened for reading	/proc/8/cmdline	byte.mpsl.elf

/tmp/byte.mpsl.elf
/tmp/byte.mpsl.elf
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:743

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads