5e579eab1ed72088e03bf1a462e9022551d463b42a40f12be45fc4451b5a4215

Analysis

max time kernel
150s
max time network
149s
platform
debian-9_mipsel
resource
debian9-mipsel-20240418-en
resource tags

arch:mipselimage:debian9-mipsel-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
16-01-2025 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

byte.mpsl.elf
Size

106KB
MD5

0f63f0a1140c72fcda6e8fed05dadbfe
SHA1

d3a718f2a790d5cd37c3d5b46fe6899ce9a38651
SHA256

5e579eab1ed72088e03bf1a462e9022551d463b42a40f12be45fc4451b5a4215
SHA512

ff49fceaa5baa4fc1114291cccee87bd0571461a17375109ed6ed5edf3668a66ec93deb432507c91611cbe888158d381f9a20b9dca6af8b4b9d9a8163012cfbd
SSDEEP

1536:jyuo5zfiQN84NeR+QMBpx5AJltiwsGZMaKVHM7l61d6Om2flDH:2uQzfiQNT6tcGCQ4Jm+1H

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	byte.mpsl.elf
File opened for modification	/dev/misc/watchdog	byte.mpsl.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/773/cmdline	byte.mpsl.elf
File opened for reading	/proc/814/cmdline	byte.mpsl.elf
File opened for reading	/proc/20/cmdline	byte.mpsl.elf
File opened for reading	/proc/159/cmdline	byte.mpsl.elf
File opened for reading	/proc/750/cmdline	byte.mpsl.elf
File opened for reading	/proc/753/cmdline	byte.mpsl.elf
File opened for reading	/proc/777/cmdline	byte.mpsl.elf
File opened for reading	/proc/783/cmdline	byte.mpsl.elf
File opened for reading	/proc/719/cmdline	byte.mpsl.elf
File opened for reading	/proc/741/cmdline	byte.mpsl.elf
File opened for reading	/proc/738/cmdline	byte.mpsl.elf
File opened for reading	/proc/749/cmdline	byte.mpsl.elf
File opened for reading	/proc/752/cmdline	byte.mpsl.elf
File opened for reading	/proc/789/cmdline	byte.mpsl.elf
File opened for reading	/proc/794/cmdline	byte.mpsl.elf
File opened for reading	/proc/320/cmdline	byte.mpsl.elf
File opened for reading	/proc/676/cmdline	byte.mpsl.elf
File opened for reading	/proc/11/cmdline	byte.mpsl.elf
File opened for reading	/proc/67/cmdline	byte.mpsl.elf
File opened for reading	/proc/739/cmdline	byte.mpsl.elf
File opened for reading	/proc/743/cmdline	byte.mpsl.elf
File opened for reading	/proc/786/cmdline	byte.mpsl.elf
File opened for reading	/proc/795/cmdline	byte.mpsl.elf
File opened for reading	/proc/7/cmdline	byte.mpsl.elf
File opened for reading	/proc/8/cmdline	byte.mpsl.elf
File opened for reading	/proc/798/cmdline	byte.mpsl.elf
File opened for reading	/proc/807/cmdline	byte.mpsl.elf
File opened for reading	/proc/154/cmdline	byte.mpsl.elf
File opened for reading	/proc/812/cmdline	byte.mpsl.elf
File opened for reading	/proc/12/cmdline	byte.mpsl.elf
File opened for reading	/proc/237/cmdline	byte.mpsl.elf
File opened for reading	/proc/81/cmdline	byte.mpsl.elf
File opened for reading	/proc/371/cmdline	byte.mpsl.elf
File opened for reading	/proc/23/cmdline	byte.mpsl.elf
File opened for reading	/proc/68/cmdline	byte.mpsl.elf
File opened for reading	/proc/388/cmdline	byte.mpsl.elf
File opened for reading	/proc/726/cmdline	byte.mpsl.elf
File opened for reading	/proc/125/cmdline	byte.mpsl.elf
File opened for reading	/proc/322/cmdline	byte.mpsl.elf
File opened for reading	/proc/706/cmdline	byte.mpsl.elf
File opened for reading	/proc/732/cmdline	byte.mpsl.elf
File opened for reading	/proc/735/cmdline	byte.mpsl.elf
File opened for reading	/proc/744/cmdline	byte.mpsl.elf
File opened for reading	/proc/15/cmdline	byte.mpsl.elf
File opened for reading	/proc/19/cmdline	byte.mpsl.elf
File opened for reading	/proc/345/cmdline	byte.mpsl.elf
File opened for reading	/proc/754/cmdline	byte.mpsl.elf
File opened for reading	/proc/71/cmdline	byte.mpsl.elf
File opened for reading	/proc/75/cmdline	byte.mpsl.elf
File opened for reading	/proc/757/cmdline	byte.mpsl.elf
File opened for reading	/proc/763/cmdline	byte.mpsl.elf
File opened for reading	/proc/767/cmdline	byte.mpsl.elf
File opened for reading	/proc/813/cmdline	byte.mpsl.elf
File opened for reading	/proc/17/cmdline	byte.mpsl.elf
File opened for reading	/proc/21/cmdline	byte.mpsl.elf
File opened for reading	/proc/720/cmdline	byte.mpsl.elf
File opened for reading	/proc/790/cmdline	byte.mpsl.elf
File opened for reading	/proc/796/cmdline	byte.mpsl.elf
File opened for reading	/proc/809/cmdline	byte.mpsl.elf
File opened for reading	/proc/323/cmdline	byte.mpsl.elf
File opened for reading	/proc/349/cmdline	byte.mpsl.elf
File opened for reading	/proc/77/cmdline	byte.mpsl.elf
File opened for reading	/proc/5/cmdline	byte.mpsl.elf
File opened for reading	/proc/37/cmdline	byte.mpsl.elf

/tmp/byte.mpsl.elf
/tmp/byte.mpsl.elf
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:729

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads