General

  • Target

    mpsl.elf

  • Size

    90KB

  • Sample

    250308-nhgwzswmv2

  • MD5

    0aa463b70a8eb480887f0b4d0c939677

  • SHA1

    970f82bfe628766c623187cfd135ba1b91c6c059

  • SHA256

    b603668b376b54caba315ee0cdd13ac0a6ddc194d271c4aee822add6f923077d

  • SHA512

    f9eb48ac66923d8bcd38327a5f7acac53559352e0286f7eb762bf86a0d5b2c8a33755635e77feac428629fca19784333a330bcac6ce60797464c94f3b73ab6ad

  • SSDEEP

    1536:a5DnSB+v5gjQm2Q17xk49d6xZLu8vJ4TGo8S:a5TSB+v5gjQmp1GFrvhrS

Malware Config

Extracted

Family

mirai

Botnet

WICKED

Targets

    • Target

      mpsl.elf

    • Size

      90KB

    • MD5

      0aa463b70a8eb480887f0b4d0c939677

    • SHA1

      970f82bfe628766c623187cfd135ba1b91c6c059

    • SHA256

      b603668b376b54caba315ee0cdd13ac0a6ddc194d271c4aee822add6f923077d

    • SHA512

      f9eb48ac66923d8bcd38327a5f7acac53559352e0286f7eb762bf86a0d5b2c8a33755635e77feac428629fca19784333a330bcac6ce60797464c94f3b73ab6ad

    • SSDEEP

      1536:a5DnSB+v5gjQm2Q17xk49d6xZLu8vJ4TGo8S:a5TSB+v5gjQmp1GFrvhrS

    • Contacts a large (69633) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks