Analysis
-
max time kernel
155s -
max time network
194s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240221-en -
resource tags
-
submitted
24/03/2025, 11:26
General
-
Target
g4za.mpsl.elf
-
Size
106KB
-
MD5
ed2b7029eb271f664ad2d1d6cf1e35c0
-
SHA1
6cd7d31b5aa658a51ab2d67e6b2601b5dd41439f
-
SHA256
0faeb27bd79cd96a6e59f93bafc66d50552a9ae1b6150a2436b55138dcb5bff7
-
SHA512
68d5d6aad359741593ae097bc6e7245168e08a2e1268353653a2d70dcdedb1a0fd393ada7874f53453acf7eb7d84335efc1c7ad2a75dbf57854b32f7916ca3bf
-
SSDEEP
1536:sAcC99ax1OOEEX8DZnMiNj7GYoGmFPCQvGgscOYgtZ8Tm:sZC99axQObKMiBdgscO9om
Malware Config
Signatures
-
Contacts a large (120580) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads process memory 1 TTPs 22 IoCs
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-
Changes its process name 1 IoCs
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes
-
/tmp/g4za.mpsl.elf/tmp/g4za.mpsl.elf1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads process memory
- Changes its process name
- Reads system network configuration