Analysis
-
max time kernel
124s -
max time network
156s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20230831-en -
resource tags
arch:mipsel image:debian9-mipsel-20230831-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
12-10-2023 00:37
Behavioral task
behavioral1
Sample
mpsl.elf
Resource
debian9-mipsel-20230831-en
debian-9-mipsel
5 signatures
150 seconds
General
-
Target
mpsl.elf
-
Size
194KB
-
MD5
32e65584b70e837be41c400747a4ee54
-
SHA1
46b248cb420356ee18c63e71e2b185f9be892ff6
-
SHA256
c02575dfb004b55e7db58eb3f03c37a284b558b0d289cfdb95834178f161ee39
-
SHA512
bc967e75d18d0c322cb4017c24d6c063ba7e666f16cd633082e8e9f1d0d9293672df778e389d1e852c62088243806cdf1012096bf90589d5838de2fa44e10f41
-
SSDEEP
3072:dhsvvuT31TR/CZA1W5yFICMEnnGjtlNnTxhXMwM:dhsvvqRoAg53CMwStnTf
Score
9/10
Malware Config
Signatures
-
Contacts a large (75157) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
description | ioc | pid | process
Changes the process name, possibly in an attempt to hide itself | C M | 335 | mpsl.elf
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.