Analysis
-
max time kernel
152s -
max time network
165s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240221-en -
resource tags
arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem -
submitted
25/07/2024, 15:11
Static task
static1
Behavioral task
behavioral1
Sample
mpsl.elf
Resource
debian12-mipsel-20240221-en
4 signatures
150 seconds
General
-
Target
mpsl.elf
-
Size
71KB
-
MD5
7e743466bf9aac98df72dc8ee8767b22
-
SHA1
81a197a47ade918aee407e60c6703ec1523a5376
-
SHA256
7eefc3fd96c921e9dbd1866159c24be1b903e9e190fb4e05a702e584d0f9e3d1
-
SHA512
85857476d2b8a24db910163184c736b896bfce1591270a18c2a0c44309733094982600e11d077b190f142234139c4ac5d841de63efad4965ac4477f3925b742b
-
SSDEEP
768:lqwATxpQ5e+y4rPv5Y6ZDSP6gSOee2etJeGa7N/kWjrXilvo2KXZY10Uj7:lCTxq55YADSP6X/74JVSN/nJ26a10o
Score
9/10
Malware Config
Signatures
-
Contacts a large (104757) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself PUUU Y_ _ _ ]] 741 mpsl.elf -
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/\]NOYL[P\W_8 mpsl.elf File opened for modification /tmp/\]N~lo|l gOYL[P\W_8 mpsl.elf