02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e

Analysis

max time kernel
150s
max time network
147s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
17-08-2024 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.mpsl.elf
Size

173KB
MD5

31d6a09621d510f09ce143b7b60ff9c9
SHA1

c3db40e7722f367ff8b33301a93f1ae1f3d30ee1
SHA256

02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e
SHA512

f7d1498d39ea6dedeb44a30b118828128b5c321dffce651cd2c11288065c55962397ebc2876d2d0a12692e57aa554887b616b2a20ab2071f07f6235d58260498
SSDEEP

3072:ueEksFM+wX5OTaVR8H3NaMZOTTMJxt9U+7fKbZE:ueEnO+wXfVWdaMATwJHy+ut

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

Processes:

bot.mpsl.elf

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	717	bot.mpsl.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

bot.mpsl.elf

description	ioc	Process
File opened for reading	/proc/11/cmdline	bot.mpsl.elf
File opened for reading	/proc/15/cmdline	bot.mpsl.elf
File opened for reading	/proc/169/cmdline	bot.mpsl.elf
File opened for reading	/proc/682/cmdline	bot.mpsl.elf
File opened for reading	/proc/744/cmdline	bot.mpsl.elf
File opened for reading	/proc/770/cmdline	bot.mpsl.elf
File opened for reading	/proc/786/cmdline	bot.mpsl.elf
File opened for reading	/proc/811/cmdline	bot.mpsl.elf
File opened for reading	/proc/7/cmdline	bot.mpsl.elf
File opened for reading	/proc/16/cmdline	bot.mpsl.elf
File opened for reading	/proc/781/cmdline	bot.mpsl.elf
File opened for reading	/proc/783/cmdline	bot.mpsl.elf
File opened for reading	/proc/815/cmdline	bot.mpsl.elf
File opened for reading	/proc/18/cmdline	bot.mpsl.elf
File opened for reading	/proc/22/cmdline	bot.mpsl.elf
File opened for reading	/proc/746/cmdline	bot.mpsl.elf
File opened for reading	/proc/755/cmdline	bot.mpsl.elf
File opened for reading	/proc/762/cmdline	bot.mpsl.elf
File opened for reading	/proc/794/cmdline	bot.mpsl.elf
File opened for reading	/proc/5/cmdline	bot.mpsl.elf
File opened for reading	/proc/335/cmdline	bot.mpsl.elf
File opened for reading	/proc/440/cmdline	bot.mpsl.elf
File opened for reading	/proc/730/cmdline	bot.mpsl.elf
File opened for reading	/proc/769/cmdline	bot.mpsl.elf
File opened for reading	/proc/804/cmdline	bot.mpsl.elf
File opened for reading	/proc/814/cmdline	bot.mpsl.elf
File opened for reading	/proc/722/cmdline	bot.mpsl.elf
File opened for reading	/proc/734/cmdline	bot.mpsl.elf
File opened for reading	/proc/780/cmdline	bot.mpsl.elf
File opened for reading	/proc/72/cmdline	bot.mpsl.elf
File opened for reading	/proc/109/cmdline	bot.mpsl.elf
File opened for reading	/proc/673/cmdline	bot.mpsl.elf
File opened for reading	/proc/715/cmdline	bot.mpsl.elf
File opened for reading	/proc/782/cmdline	bot.mpsl.elf
File opened for reading	/proc/812/cmdline	bot.mpsl.elf
File opened for reading	/proc/13/cmdline	bot.mpsl.elf
File opened for reading	/proc/23/cmdline	bot.mpsl.elf
File opened for reading	/proc/73/cmdline	bot.mpsl.elf
File opened for reading	/proc/175/cmdline	bot.mpsl.elf
File opened for reading	/proc/768/cmdline	bot.mpsl.elf
File opened for reading	/proc/789/cmdline	bot.mpsl.elf
File opened for reading	/proc/806/cmdline	bot.mpsl.elf
File opened for reading	/proc/70/cmdline	bot.mpsl.elf
File opened for reading	/proc/718/cmdline	bot.mpsl.elf
File opened for reading	/proc/765/cmdline	bot.mpsl.elf
File opened for reading	/proc/773/cmdline	bot.mpsl.elf
File opened for reading	/proc/787/cmdline	bot.mpsl.elf
File opened for reading	/proc/796/cmdline	bot.mpsl.elf
File opened for reading	/proc/719/cmdline	bot.mpsl.elf
File opened for reading	/proc/737/cmdline	bot.mpsl.elf
File opened for reading	/proc/756/cmdline	bot.mpsl.elf
File opened for reading	/proc/771/cmdline	bot.mpsl.elf
File opened for reading	/proc/800/cmdline	bot.mpsl.elf
File opened for reading	/proc/802/cmdline	bot.mpsl.elf
File opened for reading	/proc/37/cmdline	bot.mpsl.elf
File opened for reading	/proc/758/cmdline	bot.mpsl.elf
File opened for reading	/proc/760/cmdline	bot.mpsl.elf
File opened for reading	/proc/763/cmdline	bot.mpsl.elf
File opened for reading	/proc/788/cmdline	bot.mpsl.elf
File opened for reading	/proc/809/cmdline	bot.mpsl.elf
File opened for reading	/proc/9/cmdline	bot.mpsl.elf
File opened for reading	/proc/745/cmdline	bot.mpsl.elf
File opened for reading	/proc/754/cmdline	bot.mpsl.elf
File opened for reading	/proc/774/cmdline	bot.mpsl.elf

/tmp/bot.mpsl.elf
/tmp/bot.mpsl.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:717

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads