Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240418-en
  • resource tags

    arch:mipselimage:debian12-mipsel-20240418-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
  • submitted
    09-11-2024 07:49

General

  • Target

    smpsl.elf

  • Size

    74KB

  • MD5

    107dda974cd00da3267888b99a73a4f1

  • SHA1

    ac054bd44859cbf1a37cf62b4323661a78da60c6

  • SHA256

    9826c3cdd64ad02e73654045b94c3cdf3b9ad1af8fe9cdd53b55f6fe5b4a0ed9

  • SHA512

    0d4a8dfb06d89b67cbf0c7b64283a627af90fb20ab88baa61a008cd5a2c4a117405585ba8d246e5c9c03e20fade1cb4aa25c77c3ba63e0fad1fe6fb5e4132ac3

  • SSDEEP

    1536:d7vX7ZsaDKarVNxVXDgABsQwOnWynTTYjZK6hk5RW:drX7ZT9TUogjURW

Score
9/10

Malware Config

Signatures

  • Contacts a large (86958) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Deletes itself 1 IoCs
  • Unexpected DNS network traffic destination 22 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks hardware identifiers (DMI) 1 TTPs 1 IoCs

    Checks DMI information which indicate if the system is a virtual machine.

Processes

  • /tmp/smpsl.elf
    /tmp/smpsl.elf
    1⤵
    • Deletes itself
    • Checks hardware identifiers (DMI)
    PID:742

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads