Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240418-en
  • resource tags

    arch:mipselimage:debian12-mipsel-20240418-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
  • submitted
    02/02/2025, 17:32

General

  • Target

    mpsl.b.elf

  • Size

    106KB

  • MD5

    56820e418dc7fff0b3c057235e6f245a

  • SHA1

    b2999154db9183a76c8b43899423e04ae71ab78b

  • SHA256

    6389f18ae50cc9dc8e1eef30eced0a44b1d77ad27d4862daa01f7e4ff54b9474

  • SHA512

    54ada7d83be974a2eb0faa475cc1d3c5e5e2eb366ca073672217ca2dd90aef69c6b332ac3539b827ae19212d6ca8736edcff4be9ca95b078b53ee5f75fd3c70c

  • SSDEEP

    1536:wAxCZNOM+AZzOMlWJdZqnkj5Y6oPHqa+F1ormJgjkZXpo3LVTB6:wAxCZAMXZznu/qktLCH4oqJgwZZj

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Traces itself 1 IoCs

    Traces itself to prevent debugging attempts

  • Reads process memory 1 TTPs 20 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 1 IoCs

Processes

  • /tmp/mpsl.b.elf
    /tmp/mpsl.b.elf
    1⤵
    • Modifies Watchdog functionality
    • Traces itself
    • Reads process memory
    • Changes its process name
    PID:745

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads