Overview

overview

10

Static

static

10

amen.mpsl.elf

debian-12-mipsel

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    amen.mpsl.elf

  • Size

    127KB

  • Sample

    250202-v4d6jssjay

  • MD5

    f2d95d28b97a90e622b8bd9f106d2ed4

  • SHA1

    256aa01fb0c5d2562242608f9efa82bd679ce704

  • SHA256

    f9cdda8699375a49fc8408cfed46cfb40fdf9aa472aee83725a1405ebce3d14e

  • SHA512

    06eb2b8de1cde3a7bcaf21f2d07253015d47e8eab5d623fb4f02cf83f6ef2db0b7d3954f143383bcb6f5bc9e49f0b7703e05b34dcc3116582230da7535a2b0e7

  • SSDEEP

    3072:MMvphBxbaKrzALZoP7rsW5zmBk+Vubk9v62lO:MKTxbaKDXsWVP+V362O

Score
10/10
miraiamencredential_accessdefense_evasiondiscovery

Malware Config

Extracted

Family

mirai

Botnet

AMEN

Targets

    • Target

      amen.mpsl.elf

    • Size

      127KB

    • MD5

      f2d95d28b97a90e622b8bd9f106d2ed4

    • SHA1

      256aa01fb0c5d2562242608f9efa82bd679ce704

    • SHA256

      f9cdda8699375a49fc8408cfed46cfb40fdf9aa472aee83725a1405ebce3d14e

    • SHA512

      06eb2b8de1cde3a7bcaf21f2d07253015d47e8eab5d623fb4f02cf83f6ef2db0b7d3954f143383bcb6f5bc9e49f0b7703e05b34dcc3116582230da7535a2b0e7

    • SSDEEP

      3072:MMvphBxbaKrzALZoP7rsW5zmBk+Vubk9v62lO:MKTxbaKDXsWVP+V362O

    Score
    9/10
    credential_accessdefense_evasiondiscovery

    • Contacts a large (148096) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Traces itself

      Traces itself to prevent debugging attempts

    • Reads process memory

      Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

      credential_access
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks