Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240221-en
  • resource tags

    arch:mipsel
    image:debian12-mipsel-20240221-en
    kernel:6.1.0-17-4kc-malta
    locale:en-us
    os:debian-12-mipsel
    system
  • submitted
    29/12/2024, 12:47 UTC

General

  • Target

    main_mpsl.elf

  • Size

    173KB

  • MD5

    19db37ba8fe2f327e9b56f73c0855bbc

  • SHA1

    3cee38965122ae57d9cf54d6620ad2aadccab2a4

  • SHA256

    a326ae2399d1c0a006b7d385e9a01fdebc65d1225bdb487b3f36fb37edaa6986

  • SHA512

    e8474212760c051a00b1af5f48a6a7dc70c525f49067ddbc94c15c34b9f9f4b5f6970c6fd645001ed856014ea91db0f4bfa192c733fffafccb93508304c41f87

  • SSDEEP

    1536:HwdqBezGeDPxeXJvkgBZOofcQq6K7yKshdUNmBvLZvU1SaZ6y985gkgXw5jxgK2n:HKpzGOe9kSfcQqW9v8SawFgXojl5mFt

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Traces itself 2 IoCs

    Traces itself to prevent debugging attempts

  • Changes its process name 1 IoCs
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_mpsl.elf
    /tmp/main_mpsl.elf
    • Deletes itself
    • Traces itself
    • Changes its process name
    • Writes file to tmp directory
    PID:742

Network

  • DNS
    space.richstressop.cloud
    Remote address:
    8.8.8.8:53
    Request
    space.richstressop.cloud
    IN A
    Response
    space.richstressop.cloud
    IN A
    104.21.80.1
    space.richstressop.cloud
    IN A
    104.21.16.1
    space.richstressop.cloud
    IN A
    104.21.112.1
    space.richstressop.cloud
    IN A
    104.21.64.1
    space.richstressop.cloud
    IN A
    104.21.32.1
    space.richstressop.cloud
    IN A
    104.21.96.1
    space.richstressop.cloud
    IN A
    104.21.48.1
  • DNS
    debian12-mipsel-20240221-en-0
    Remote address:
    1.1.1.1:53
    Request
    debian12-mipsel-20240221-en-0
    IN AAAA
    Response
  • DNS
    debian12-mipsel-20240221-en-0
    Remote address:
    1.1.1.1:53
    Request
    debian12-mipsel-20240221-en-0
    IN A
    Response
  • 104.21.80.1:1995
    space.richstressop.cloud
    240 B
    4
  • 8.8.8.8:53
    space.richstressop.cloud
    dns
    70 B
    182 B
    1
    1

    DNS Request

    space.richstressop.cloud

    DNS Response

    104.21.80.1
    104.21.16.1
    104.21.112.1
    104.21.64.1
    104.21.32.1
    104.21.96.1
    104.21.48.1
