6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4

Analysis

max time kernel
4s
max time network
4s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
15/12/2024, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mpsl.elf
Size

72KB
MD5

625ffce6ca0ee0e0b066a8cd5a432d56
SHA1

edd481dec8d6b1dd1c82e65a444dd196aced3ff8
SHA256

6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4
SHA512

a5052e98f93f29cd757d8f3d1361b64f56bbd351908c2a0bf3b96d54e4b805b04dd906824c755842c8b28c97281eb90e2e3908a707b231dd7473b5e9dcdf7029
SSDEEP

768:K3sJmkq/lhWHgJvd8p6EF5Des4ReDB2wJ2iwgugBI2ZpMIXi5Ij7+eOcIoJhwnNS:KcJmkC1W5B4RcBvC8W2ZpMe7+pcI3nN

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
709	mpsl.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 7 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	710	mpsl.elf
Changes the process name, possibly in an attempt to hide itself	nginx	711	mpsl.elf
Changes the process name, possibly in an attempt to hide itself	inetd	712	mpsl.elf
Changes the process name, possibly in an attempt to hide itself	sshd	714	mpsl.elf
Changes the process name, possibly in an attempt to hide itself	bash	712	mpsl.elf
Changes the process name, possibly in an attempt to hide itself	inetd	740	mpsl.elf
Changes the process name, possibly in an attempt to hide itself	sshd	741	mpsl.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/78/cmdline	mpsl.elf
File opened for reading	/proc/70/cmdline	mpsl.elf
File opened for reading	/proc/18/cmdline	mpsl.elf
File opened for reading	/proc/349/cmdline	mpsl.elf
File opened for reading	/proc/379/cmdline	mpsl.elf
File opened for reading	/proc/674/cmdline	mpsl.elf
File opened for reading	/proc/8/cmdline	mpsl.elf
File opened for reading	/proc/684/cmdline	mpsl.elf
File opened for reading	/proc/126/cmdline	mpsl.elf
File opened for reading	/proc/13/cmdline	mpsl.elf
File opened for reading	/proc/17/cmdline	mpsl.elf
File opened for reading	/proc/19/cmdline	mpsl.elf
File opened for reading	/proc/73/cmdline	mpsl.elf
File opened for reading	/proc/76/cmdline	mpsl.elf
File opened for reading	/proc/109/cmdline	mpsl.elf
File opened for reading	/proc/125/cmdline	mpsl.elf
File opened for reading	/proc/12/cmdline	mpsl.elf
File opened for reading	/proc/179/cmdline	mpsl.elf
File opened for reading	/proc/324/cmdline	mpsl.elf
File opened for reading	/proc/470/cmdline	mpsl.elf
File opened for reading	/proc/707/cmdline	mpsl.elf
File opened for reading	/proc/157/cmdline	mpsl.elf
File opened for reading	/proc/5/cmdline	mpsl.elf
File opened for reading	/proc/10/cmdline	mpsl.elf
File opened for reading	/proc/11/cmdline	mpsl.elf
File opened for reading	/proc/20/cmdline	mpsl.elf
File opened for reading	/proc/36/cmdline	mpsl.elf
File opened for reading	/proc/74/cmdline	mpsl.elf
File opened for reading	/proc/77/cmdline	mpsl.elf
File opened for reading	/proc/4/cmdline	mpsl.elf
File opened for reading	/proc/235/cmdline	mpsl.elf
File opened for reading	/proc/14/cmdline	mpsl.elf
File opened for reading	/proc/22/cmdline	mpsl.elf
File opened for reading	/proc/344/cmdline	mpsl.elf
File opened for reading	/proc/702/cmdline	mpsl.elf
File opened for reading	/proc/6/cmdline	mpsl.elf
File opened for reading	/proc/158/cmdline	mpsl.elf
File opened for reading	/proc/16/cmdline	mpsl.elf
File opened for reading	/proc/3/cmdline	mpsl.elf
File opened for reading	/proc/347/cmdline	mpsl.elf
File opened for reading	/proc/1/cmdline	mpsl.elf
File opened for reading	/proc/178/cmdline	mpsl.elf
File opened for reading	/proc/374/cmdline	mpsl.elf
File opened for reading	/proc/386/cmdline	mpsl.elf
File opened for reading	/proc/708/cmdline	mpsl.elf
File opened for reading	/proc/2/cmdline	mpsl.elf
File opened for reading	/proc/677/cmdline	mpsl.elf
File opened for reading	/proc/704/cmdline	mpsl.elf
File opened for reading	/proc/9/cmdline	mpsl.elf
File opened for reading	/proc/37/cmdline	mpsl.elf
File opened for reading	/proc/15/cmdline	mpsl.elf
File opened for reading	/proc/75/cmdline	mpsl.elf
File opened for reading	/proc/701/cmdline	mpsl.elf
File opened for reading	/proc/713/cmdline	mpsl.elf
File opened for reading	/proc/7/cmdline	mpsl.elf
File opened for reading	/proc/23/cmdline	mpsl.elf
File opened for reading	/proc/24/cmdline	mpsl.elf
File opened for reading	/proc/685/cmdline	mpsl.elf
File opened for reading	/proc/21/cmdline	mpsl.elf
File opened for reading	/proc/72/cmdline	mpsl.elf
File opened for reading	/proc/321/cmdline	mpsl.elf
File opened for reading	/proc/345/cmdline	mpsl.elf
File opened for reading	/proc/71/cmdline	mpsl.elf
File opened for reading	/proc/706/cmdline	mpsl.elf

/tmp/mpsl.elf
/tmp/mpsl.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:709

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads