698d20cd37c0fb16f1e5b37f8cf6320947c212c009725cb7a5b17de34bc1f32a

Analysis

max time kernel
153s
max time network
163s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
22-12-2024 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vlxx.mpsl.elf
Size

173KB
MD5

99279f22658eef897ecc808c09ccdc75
SHA1

d028156dcc29a3d40db36c0c53cee6c1f4788f5c
SHA256

698d20cd37c0fb16f1e5b37f8cf6320947c212c009725cb7a5b17de34bc1f32a
SHA512

d287993c0b6cae1ee02e010fe8a9829d5d7e919ab1c59e4eb22427c4ee83209a16ff6c4b6c774c537d08a762031e896bc14f0e52ef783f4ac1b9f6a06789216f
SSDEEP

3072:uCQDElnT/hX5MZ6vKOgwRl6adAbVNj+K/iy8:uCQQRzhaZ6vFg+ljmLSK/

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	-"6	740	vlxx.mpsl.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/15/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/59/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/747/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/7/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/137/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/759/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/42/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/744/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/779/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/773/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/3/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/34/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/733/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/768/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/10/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/14/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/757/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/421/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/765/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/53/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/344/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/394/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/396/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/9/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/11/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/24/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/20/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/26/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/635/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/756/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/758/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/762/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/776/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/111/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/202/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/397/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/2/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/410/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/18/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/690/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/775/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/407/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/6/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/734/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/763/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/16/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/17/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/761/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/769/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/22/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/692/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/731/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/47/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/748/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/755/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/777/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/136/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/760/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/770/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/37/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/782/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/8/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/19/cmdline	vlxx.mpsl.elf
File opened for reading	/proc/35/cmdline	vlxx.mpsl.elf

/tmp/vlxx.mpsl.elf
/tmp/vlxx.mpsl.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:740

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads