d99259a4f1b24bc6520be480e60d5e6bf82030490ba0d7702dfceb1d8a778557

Analysis

max time kernel
151s
max time network
137s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
30-12-2024 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mpsl.elf
Size

79KB
MD5

73cb8de7ef426f197bd656b166c71737
SHA1

3120e2dacbf5674cda245301ce657a3c6edb23dc
SHA256

d99259a4f1b24bc6520be480e60d5e6bf82030490ba0d7702dfceb1d8a778557
SHA512

fc70e3bf58301b0f79f0f89694707457df516bcbde696726b393a20e747d15d2de29305862a37a1f81cf2b6bad98b523377eb9433b61a02d6d3ed6b2321fdf3e
SSDEEP

1536:ZHrCFeAVriSZx1xd5d/o6m6Z8osz2+bSE0rnfVuH:Z6eAVtZPo6m6WWFrnfYH

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
738	mpsl.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	739	mpsl.elf
Changes the process name, possibly in an attempt to hide itself	inetd	741	mpsl.elf
Changes the process name, possibly in an attempt to hide itself	nginx	740	mpsl.elf
Changes the process name, possibly in an attempt to hide itself	sshd	742	mpsl.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/393/cmdline	mpsl.elf
File opened for reading	/proc/731/cmdline	mpsl.elf
File opened for reading	/proc/10/cmdline	mpsl.elf
File opened for reading	/proc/371/cmdline	mpsl.elf
File opened for reading	/proc/74/cmdline	mpsl.elf
File opened for reading	/proc/742/cmdline	mpsl.elf
File opened for reading	/proc/37/cmdline	mpsl.elf
File opened for reading	/proc/68/cmdline	mpsl.elf
File opened for reading	/proc/73/cmdline	mpsl.elf
File opened for reading	/proc/75/cmdline	mpsl.elf
File opened for reading	/proc/392/cmdline	mpsl.elf
File opened for reading	/proc/800/cmdline	mpsl.elf
File opened for reading	/proc/21/cmdline	mpsl.elf
File opened for reading	/proc/23/cmdline	mpsl.elf
File opened for reading	/proc/16/cmdline	mpsl.elf
File opened for reading	/proc/20/cmdline	mpsl.elf
File opened for reading	/proc/24/cmdline	mpsl.elf
File opened for reading	/proc/338/cmdline	mpsl.elf
File opened for reading	/proc/11/cmdline	mpsl.elf
File opened for reading	/proc/13/cmdline	mpsl.elf
File opened for reading	/proc/71/cmdline	mpsl.elf
File opened for reading	/proc/72/cmdline	mpsl.elf
File opened for reading	/proc/688/cmdline	mpsl.elf
File opened for reading	/proc/735/cmdline	mpsl.elf
File opened for reading	/proc/7/cmdline	mpsl.elf
File opened for reading	/proc/17/cmdline	mpsl.elf
File opened for reading	/proc/81/cmdline	mpsl.elf
File opened for reading	/proc/128/cmdline	mpsl.elf
File opened for reading	/proc/451/cmdline	mpsl.elf
File opened for reading	/proc/730/cmdline	mpsl.elf
File opened for reading	/proc/737/cmdline	mpsl.elf
File opened for reading	/proc/804/cmdline	mpsl.elf
File opened for reading	/proc/15/cmdline	mpsl.elf
File opened for reading	/proc/69/cmdline	mpsl.elf
File opened for reading	/proc/251/cmdline	mpsl.elf
File opened for reading	/proc/682/cmdline	mpsl.elf
File opened for reading	/proc/6/cmdline	mpsl.elf
File opened for reading	/proc/83/cmdline	mpsl.elf
File opened for reading	/proc/127/cmdline	mpsl.elf
File opened for reading	/proc/717/cmdline	mpsl.elf
File opened for reading	/proc/812/cmdline	mpsl.elf
File opened for reading	/proc/8/cmdline	mpsl.elf
File opened for reading	/proc/22/cmdline	mpsl.elf
File opened for reading	/proc/82/cmdline	mpsl.elf
File opened for reading	/proc/111/cmdline	mpsl.elf
File opened for reading	/proc/368/cmdline	mpsl.elf
File opened for reading	/proc/736/cmdline	mpsl.elf
File opened for reading	/proc/19/cmdline	mpsl.elf
File opened for reading	/proc/36/cmdline	mpsl.elf
File opened for reading	/proc/741/cmdline	mpsl.elf
File opened for reading	/proc/367/cmdline	mpsl.elf
File opened for reading	/proc/398/cmdline	mpsl.elf
File opened for reading	/proc/14/cmdline	mpsl.elf
File opened for reading	/proc/79/cmdline	mpsl.elf
File opened for reading	/proc/339/cmdline	mpsl.elf
File opened for reading	/proc/12/cmdline	mpsl.elf
File opened for reading	/proc/163/cmdline	mpsl.elf
File opened for reading	/proc/364/cmdline	mpsl.elf
File opened for reading	/proc/685/cmdline	mpsl.elf
File opened for reading	/proc/689/cmdline	mpsl.elf
File opened for reading	/proc/733/cmdline	mpsl.elf
File opened for reading	/proc/750/cmdline	mpsl.elf
File opened for reading	/proc/1/cmdline	mpsl.elf
File opened for reading	/proc/9/cmdline	mpsl.elf

/tmp/mpsl.elf
/tmp/mpsl.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:738

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads