Analysis
max time kernel: 150s
max time network: 152s
platform: debian-12_mipsel
resource: debian12-mipsel-20240418-en
resource tags: arch:mipsel, image:debian12-mipsel-20240418-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 02/02/2025, 17:32
Behavioral task: behavioral1
Sample: mpsl.b.elf
Resource: debian12-mipsel-20240418-en
General
Target: mpsl.b.elf
Size: 106KB
MD5: 56820e418dc7fff0b3c057235e6f245a
SHA1: b2999154db9183a76c8b43899423e04ae71ab78b
SHA256: 6389f18ae50cc9dc8e1eef30eced0a44b1d77ad27d4862daa01f7e4ff54b9474
SHA512: 54ada7d83be974a2eb0faa475cc1d3c5e5e2eb366ca073672217ca2dd90aef69c6b332ac3539b827ae19212d6ca8736edcff4be9ca95b078b53ee5f75fd3c70c
SSDEEP: 1536:wAxCZNOM+AZzOMlWJdZqnkj5Y6oPHqa+F1ormJgjkZXpo3LVTB6:wAxCZAMXZznu/qktLCH4oqJgwZZj
Malware Config
Signatures
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | mpsl.b.elf
File opened for modification | /dev/misc/watchdog | mpsl.b.elf
Traces itself (1 IoCs)
Traces itself to prevent debugging attempts
pid | Process
745 | mpsl.b.elf
Reads process memory (1 TTPs, 20 IoCs)
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
description | ioc | Process
File opened for reading | /proc/413/maps | mpsl.b.elf
File opened for reading | /proc/719/maps | mpsl.b.elf
File opened for reading | /proc/757/maps | mpsl.b.elf
File opened for reading | /proc/402/maps | mpsl.b.elf
File opened for reading | /proc/411/maps | mpsl.b.elf
File opened for reading | /proc/763/maps | mpsl.b.elf
File opened for reading | /proc/785/maps | mpsl.b.elf
File opened for reading | /proc/714/maps | mpsl.b.elf
File opened for reading | /proc/718/maps | mpsl.b.elf
File opened for reading | /proc/722/maps | mpsl.b.elf
File opened for reading | /proc/738/maps | mpsl.b.elf
File opened for reading | /proc/746/maps | mpsl.b.elf
File opened for reading | /proc/681/maps | mpsl.b.elf
File opened for reading | /proc/700/maps | mpsl.b.elf
File opened for reading | /proc/680/maps | mpsl.b.elf
File opened for reading | /proc/698/maps | mpsl.b.elf
File opened for reading | /proc/711/maps | mpsl.b.elf
File opened for reading | /proc/737/maps | mpsl.b.elf
File opened for reading | /proc/417/maps | mpsl.b.elf
File opened for reading | /proc/668/maps | mpsl.b.elf
Changes its process name (1 IoCs)
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | hvo9nnlfnsthknan03 | 745 | mpsl.b.elf