General
-
Target
mpsl.elf
-
Size
90KB
-
Sample
250308-m74xdawlt8
-
MD5
0aa463b70a8eb480887f0b4d0c939677
-
SHA1
970f82bfe628766c623187cfd135ba1b91c6c059
-
SHA256
b603668b376b54caba315ee0cdd13ac0a6ddc194d271c4aee822add6f923077d
-
SHA512
f9eb48ac66923d8bcd38327a5f7acac53559352e0286f7eb762bf86a0d5b2c8a33755635e77feac428629fca19784333a330bcac6ce60797464c94f3b73ab6ad
-
SSDEEP
1536:a5DnSB+v5gjQm2Q17xk49d6xZLu8vJ4TGo8S:a5TSB+v5gjQmp1GFrvhrS
Malware Config
Extracted
mirai
WICKED
Targets
-
-
Target
mpsl.elf
-
Size
90KB
-
MD5
0aa463b70a8eb480887f0b4d0c939677
-
SHA1
970f82bfe628766c623187cfd135ba1b91c6c059
-
SHA256
b603668b376b54caba315ee0cdd13ac0a6ddc194d271c4aee822add6f923077d
-
SHA512
f9eb48ac66923d8bcd38327a5f7acac53559352e0286f7eb762bf86a0d5b2c8a33755635e77feac428629fca19784333a330bcac6ce60797464c94f3b73ab6ad
-
SSDEEP
1536:a5DnSB+v5gjQm2Q17xk49d6xZLu8vJ4TGo8S:a5TSB+v5gjQmp1GFrvhrS
Score9/10-
Contacts a large (87010) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-