General

  • Target

    botx.mpsl.elf

  • Size

    71KB

  • Sample

    241230-es2vgaxpfz

  • MD5

    a3f985a018e2ddfc97ce78fcea072bce

  • SHA1

    409ea4c6827193bd9724d48e6fd39715ea86b0bd

  • SHA256

    56979f6909591f377fbf808bbddf134d1b0aff03e869f7fa7da7bdebe037475d

  • SHA512

    bd16a7d1b4e58f62a2c6ab536ec7fe43aff8a9c19a976475119b4c42fa56de773ef110576bf371c47bc393f7cf396b82c81ed75ef76849319285bdbfd34209be

  • SSDEEP

    1536:FDTxZkvEYxEosp+eHTX7/0LH0Zm0Fmaxb+10W6G:FHxZkvGpAr0txeH

Targets

    • Contacts a large (50281) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder
