Analysis
-
max time kernel
151s -
max time network
156s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240418-en -
resource tags
arch:mipsel
image:debian12-mipsel-20240418-en
kernel:6.1.0-17-4kc-malta
locale:en-us
os:debian-12-mipsel
system -
submitted
09-11-2024 07:49
Static task
static1
General
-
Target
smpsl.elf
-
Size
74KB
-
MD5
107dda974cd00da3267888b99a73a4f1
-
SHA1
ac054bd44859cbf1a37cf62b4323661a78da60c6
-
SHA256
9826c3cdd64ad02e73654045b94c3cdf3b9ad1af8fe9cdd53b55f6fe5b4a0ed9
-
SHA512
0d4a8dfb06d89b67cbf0c7b64283a627af90fb20ab88baa61a008cd5a2c4a117405585ba8d246e5c9c03e20fade1cb4aa25c77c3ba63e0fad1fe6fb5e4132ac3
-
SSDEEP
1536:d7vX7ZsaDKarVNxVXDgABsQwOnWynTTYjZK6hk5RW:drX7ZT9TUogjURW
Malware Config
Signatures
-
Contacts a large (86958) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes itself 1 IoCs
Processes:
pid  process
742  smpsl.elf -
Unexpected DNS network traffic destination 22 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes:
description  ioc
Destination IP  202.61.197.122
Destination IP  109.91.184.21
Destination IP  130.61.69.123
Destination IP  178.254.22.166
Destination IP  185.181.61.24
Destination IP  37.252.191.197
Destination IP  70.34.254.19
Destination IP  185.84.81.194
Destination IP  138.197.140.189
Destination IP  70.34.254.19
Destination IP  194.36.144.87
Destination IP  51.158.108.203
Destination IP  194.36.144.87
Destination IP  192.71.166.92
Destination IP  178.254.22.166
Destination IP  195.10.195.195
Destination IP  88.198.92.222
Destination IP  94.247.43.254
Destination IP  65.21.1.106
Destination IP  195.10.195.195
Destination IP  109.91.184.21
Destination IP  70.34.254.19 -
Checks hardware identifiers (DMI) 1 TTPs 1 IoCs
Checks DMI information which indicate if the system is a virtual machine.
Processes:
description  ioc  process
File opened for reading  /sys/devices/virtual/dmi/id/sys_vendor  smpsl.elf