Analysis
max time kernel: 152s
max time network: 21s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 06-01-2025 07:12
Behavioral task: behavioral1
Sample: wind.mpsl.elf
Resource: debian12-mipsel-20240221-en (debian-12-mipsel)
5 signatures, 150 seconds
General
Target: wind.mpsl.elf
Size: 28KB
MD5: 3ac46e031468e3a1b61d989c248fc64b
SHA1: 67599ad4682f2948c9c329ed7e8b75777a74e1bd
SHA256: a45e443726e3f25bae098ce7de31366afb803070e5579eb66fe0017cdac2e863
SHA512: f95c38eb8309720c4a2cf0941be79ccbe38091a4afa5576447ab4b118fa1b46bce48bf29ff60380e0e5cfe24053b632344bf219375af5ac586e8c989891424c0
SSDEEP: 384:1mjOb/7xg3HAp0nwcOESKAhKDn459qfUscwA/75xPuC6DGCabvT95am2xVfRWGVK:aObTx2HrZOKAhn4UswxPu3GdZ5YZWB
Score: 10/10
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

- Mirai family

- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  description                   ioc                  Process
  File opened for modification  /dev/misc/watchdog   wind.mpsl.elf
  File opened for modification  /dev/watchdog        wind.mpsl.elf

- Writes file to system bin folder (2 IoCs)

  description                   ioc                  Process
  File opened for modification  /sbin/watchdog       wind.mpsl.elf
  File opened for modification  /bin/watchdog        wind.mpsl.elf

- (signature name not present on the page; 23 IoCs)

  description              ioc                  Process
  File opened for reading  /proc/733/cmdline    wind.mpsl.elf
  File opened for reading  /proc/748/cmdline    wind.mpsl.elf
  File opened for reading  /proc/774/cmdline    wind.mpsl.elf
  File opened for reading  /proc/401/cmdline    wind.mpsl.elf
  File opened for reading  /proc/427/cmdline    wind.mpsl.elf
  File opened for reading  /proc/428/cmdline    wind.mpsl.elf
  File opened for reading  /proc/688/cmdline    wind.mpsl.elf
  File opened for reading  /proc/690/cmdline    wind.mpsl.elf
  File opened for reading  /proc/435/cmdline    wind.mpsl.elf
  File opened for reading  /proc/713/cmdline    wind.mpsl.elf
  File opened for reading  /proc/716/cmdline    wind.mpsl.elf
  File opened for reading  /proc/757/cmdline    wind.mpsl.elf
  File opened for reading  /proc/789/cmdline    wind.mpsl.elf
  File opened for reading  /proc/657/cmdline    wind.mpsl.elf
  File opened for reading  /proc/692/cmdline    wind.mpsl.elf
  File opened for reading  /proc/710/cmdline    wind.mpsl.elf
  File opened for reading  /proc/775/cmdline    wind.mpsl.elf
  File opened for reading  /proc/776/cmdline    wind.mpsl.elf
  File opened for reading  /proc/659/cmdline    wind.mpsl.elf
  File opened for reading  /proc/704/cmdline    wind.mpsl.elf
  File opened for reading  /proc/717/cmdline    wind.mpsl.elf
  File opened for reading  /proc/720/cmdline    wind.mpsl.elf
  File opened for reading  /proc/734/cmdline    wind.mpsl.elf