Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
mpsl.elf

Overview

General Information

Sample name:mpsl.elf
Analysis ID:1554851
MD5:7ff60619d312b7e27a8fdabbb7a25dcd
SHA1:116cb1668a7e38e5ca329715b0fdd4b55afaaafa
SHA256:7358cb9639b8583cf568d8dc997739bd9635fef6a13f6e0848b7b84439734f75
Tags:elfuser-abuse_ch
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1554851
Start date and time:2024-11-13 01:23:52 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 33s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:mpsl.elf
Detection:MAL
Classification:mal48.linELF@0/1@0/0

Runtime Messages

Command:/tmp/mpsl.elf
PID:5574
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Onboard the boat
Standard Error:

Process Tree

  • system is lnxubuntu20
  • mpsl.elf (PID: 5574, Parent: 5500, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/mpsl.elf
    • mpsl.elf New Fork (PID: 5576, Parent: 5574)
      • mpsl.elf New Fork (PID: 5578, Parent: 5576)
      • mpsl.elf New Fork (PID: 5580, Parent: 5576)
  • cleanup

Yara Signatures

No yara matches

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: mpsl.elfReversingLabs: Detection: 23%
Source: mpsl.elfString: @wgettftpcurlftpget/proc/proc/%s/cmdliner/.
Source: global trafficTCP traffic: 192.168.2.15:49562 -> 154.213.187.125:51321
Source: /tmp/mpsl.elf (PID: 5574)Socket: 127.0.0.1:51101Jump to behavior
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: unknownTCP traffic detected without corresponding DNS query: 154.213.187.125
Source: ELF static info symbol of initial sample.symtab present: no
Source: classification engineClassification label: mal48.linELF@0/1@0/0
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/115/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1333/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/116/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1695/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/117/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/118/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/119/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/911/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/914/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/10/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/917/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/11/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/12/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/13/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/14/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/15/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/16/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/17/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/18/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/19/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1591/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/120/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/121/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/122/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/243/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/2/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/123/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/3/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/124/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1588/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/125/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/4/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/246/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/126/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/5/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/127/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/6/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1585/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/128/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/7/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/129/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/8/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/800/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/9/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/802/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/803/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/804/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/20/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/21/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/3407/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/22/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/23/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/24/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/25/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/26/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/27/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/28/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/29/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1484/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/490/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/250/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/130/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/251/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/131/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/132/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/133/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1479/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/378/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/258/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/259/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/931/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1595/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/3894/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/812/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/933/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/30/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/3419/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/35/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/3310/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/260/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/261/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/262/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/142/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/263/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/264/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/5607/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/265/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/5608/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/145/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/266/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/5609/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/267/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/268/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/3303/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/269/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5580)File opened: /proc/1486/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5574)Queries kernel information via 'uname': Jump to behavior
Source: mpsl.elf, 5574.1.000055650e1c0000.000055650e247000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mipsel
Source: mpsl.elf, 5574.1.00007fffab272000.00007fffab293000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mpsl.elf
Source: mpsl.elf, 5574.1.00007fffab272000.00007fffab293000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mipsel
Source: mpsl.elf, 5574.1.000055650e1c0000.000055650e247000.rw-.sdmpBinary or memory string: eU!/etc/qemu-binfmt/mipsel

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid AccountsWindows Management Instrumentation1
Scripting		Path InterceptionDirect Volume Access1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Non-Standard Port		Exfiltration Over Other Network MediumAbuse Accessibility Features

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1554851 Sample: mpsl.elf Startdate: 13/11/2024 Architecture: LINUX Score: 48 16 154.213.187.125, 49562, 49564, 49566 DDOSING-BGP-NETWORKUS Seychelles 2->16 18 Multi AV Scanner detection for submitted file 2->18 8 mpsl.elf 2->8         started        signatures3 process4 process5 10 mpsl.elf 8->10         started        process6 12 mpsl.elf 10->12         started        14 mpsl.elf 10->14         started       

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
mpsl.elf24%ReversingLabsLinux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
154.213.187.125
unknownSeychelles
22769DDOSING-BGP-NETWORKUSfalse

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
154.213.187.125arm7.elfGet hashmaliciousMiraiBrowse
    mips.elfGet hashmaliciousUnknownBrowse
      garm.elfGet hashmaliciousUnknownBrowse
        x86.elfGet hashmaliciousUnknownBrowse
          gmips.elfGet hashmaliciousUnknownBrowse
            arm.elfGet hashmaliciousUnknownBrowse
              gx86.elfGet hashmaliciousUnknownBrowse

                Domains

                No context

                ASNs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                DDOSING-BGP-NETWORKUSarm7.elfGet hashmaliciousMiraiBrowse
                • 154.213.187.125
                mips.elfGet hashmaliciousUnknownBrowse
                • 154.213.187.125
                garm.elfGet hashmaliciousUnknownBrowse
                • 154.213.187.125
                x86.elfGet hashmaliciousUnknownBrowse
                • 154.213.187.125
                gmips.elfGet hashmaliciousUnknownBrowse
                • 154.213.187.125
                arm.elfGet hashmaliciousUnknownBrowse
                • 154.213.187.125
                gx86.elfGet hashmaliciousUnknownBrowse
                • 154.213.187.125
                mpsl.b.elfGet hashmaliciousMiraiBrowse
                • 154.213.187.68
                arm.b.elfGet hashmaliciousUnknownBrowse
                • 154.213.187.68
                mirai.m68k.elfGet hashmaliciousUnknownBrowse
                • 154.213.189.2

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                /tmp/qemu-open.V2iwO7 (deleted)

                Download File
                Process:/tmp/mpsl.elf
                File Type:data
                Category:dropped
                Size (bytes):14
                Entropy (8bit):3.2359263506290334
                Encrypted:false
                SSDEEP:3:TgLJLG:TgLFG
                MD5:F38566EE0BC1CD8FBC1A2366D5C73FFE
                SHA1:670B71B3B2F7C95A453BE48DE048B4D331E9AF5C
                SHA-256:8DE045D1FFCA4ADCA0440D72EE8946E5BE883FA1036732770285BF5A272DD618
                SHA-512:E57F865160CA30D18A02E3A408DC813DE15AB05E4831E8F92F431320C331C3D0F6806831E099DD93A1D07AC22AB7C890957DE1078C71EB711780F116AA228165
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview:/tmp/mpsl.elf.

                Static File Info

                General

                File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
                Entropy (8bit):5.329009969640064
                TrID:
                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                File name:mpsl.elf
                File size:76'656 bytes
                MD5:7ff60619d312b7e27a8fdabbb7a25dcd
                SHA1:116cb1668a7e38e5ca329715b0fdd4b55afaaafa
                SHA256:7358cb9639b8583cf568d8dc997739bd9635fef6a13f6e0848b7b84439734f75
                SHA512:57b224f5e0a728d0b491b2a4ff83f7c5e9edaa02b295fbfea782545c6d55b6f10f89a2983cb71cb1cf1df4012babc1341399cea76d5ee404c37f0f2308810496
                SSDEEP:1536:b1S6xUijnQwnG3vt4qxXzZ/tfNW9EhbYbZ+4XAqLbuhE5Ne:bzUijnAb1SEBYbA65g
                TLSH:7773C50AFF610EBBDC6FDD370AA9170235CC651B22B47B397534C928B64A54B4AE3C64
                File Content Preview:.ELF....................`.@.4...@)......4. ...(...............@...@.@...@................ ... E.. E.....`l..........Q.td...............................<<..'!......'.......................<...'!... .........9'.. ........................<...'!...........`.9

                Static ELF Info

                ELF header

                Class:ELF32
                Data:2's complement, little endian
                Version:1 (current)
                Machine:MIPS R3000
                Version Number:0x1
                Type:EXEC (Executable file)
                OS/ABI:UNIX - System V
                ABI Version:0
                Entry Point Address:0x400260
                Flags:0x1007
                ELF Header Size:52
                Program Header Offset:52
                Program Header Size:32
                Number of Program Headers:3
                Section Header Offset:76096
                Section Header Size:40
                Number of Section Headers:14
                Header String Table Index:13

                Sections

                NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                NULL0x00x00x00x00x0000
                .initPROGBITS0x4000940x940x8c0x00x6AX004
                .textPROGBITS0x4001200x1200x100b00x00x6AX0016
                .finiPROGBITS0x4101d00x101d00x5c0x00x6AX004
                .rodataPROGBITS0x4102300x102300x13100x00x2A0016
                .ctorsPROGBITS0x4520000x120000x80x00x3WA004
                .dtorsPROGBITS0x4520080x120080x80x00x3WA004
                .data.rel.roPROGBITS0x4520140x120140x1c0x00x3WA004
                .dataPROGBITS0x4520300x120300x3b00x00x3WA0016
                .gotPROGBITS0x4523e00x123e00x4fc0x40x10000003WAp0016
                .sbssNOBITS0x4528dc0x128dc0x3c0x00x10000003WAp004
                .bssNOBITS0x4529200x128dc0x63400x00x3WA0016
                .mdebug.abi32PROGBITS0xb1c0x128dc0x00x00x0001
                .shstrtabSTRTAB0x00x128dc0x640x00x0001

                Program Segments

                TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                LOAD0x00x4000000x4000000x115400x115405.49710x5R E0x10000.init .text .fini .rodata
                LOAD0x120000x4520000x4520000x8dc0x6c603.79510x6RW 0x10000.ctors .dtors .data.rel.ro .data .got .sbss .bss
                GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                Network Behavior

                Network Port Distribution

                TCP Packets

                TimestampSource PortDest PortSource IPDest IP
                Nov 13, 2024 01:24:48.688112974 CET4956251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:48.693083048 CET5132149562154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:48.693159103 CET4956251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:48.706724882 CET4956251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:48.711605072 CET5132149562154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:48.711646080 CET4956251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:48.716424942 CET5132149562154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:49.677999973 CET5132149562154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:49.678344965 CET4956251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:49.683188915 CET5132149562154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:50.697043896 CET4956451321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:50.702441931 CET5132149564154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:50.702496052 CET4956451321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:50.703478098 CET4956451321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:50.708612919 CET5132149564154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:50.708690882 CET4956451321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:50.713530064 CET5132149564154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:51.717633009 CET5132149564154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:51.717720985 CET4956451321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:51.722520113 CET5132149564154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:52.719155073 CET4956651321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:52.724111080 CET5132149566154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:52.724198103 CET4956651321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:52.725174904 CET4956651321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:52.730040073 CET5132149566154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:52.730092049 CET4956651321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:52.734859943 CET5132149566154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:53.720489979 CET5132149566154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:53.720581055 CET4956651321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:53.725462914 CET5132149566154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:54.721599102 CET4956851321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:54.726502895 CET5132149568154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:54.726557016 CET4956851321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:54.727257967 CET4956851321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:54.732117891 CET5132149568154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:54.732182980 CET4956851321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:54.736928940 CET5132149568154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:55.736761093 CET5132149568154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:55.736841917 CET4956851321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:55.741739988 CET5132149568154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:56.737905025 CET4957051321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:56.742815018 CET5132149570154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:56.742877960 CET4957051321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:56.743601084 CET4957051321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:56.748513937 CET5132149570154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:56.748563051 CET4957051321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:56.755640030 CET5132149570154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:57.728370905 CET5132149570154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:57.728466034 CET4957051321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:57.733437061 CET5132149570154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:58.730171919 CET4957251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:58.735198021 CET5132149572154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:58.735256910 CET4957251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:58.736350060 CET4957251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:58.741193056 CET5132149572154.213.187.125192.168.2.15
                Nov 13, 2024 01:24:58.741238117 CET4957251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:24:58.746190071 CET5132149572154.213.187.125192.168.2.15
                Nov 13, 2024 01:25:08.738467932 CET4957251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:25:08.743382931 CET5132149572154.213.187.125192.168.2.15
                Nov 13, 2024 01:25:08.999610901 CET5132149572154.213.187.125192.168.2.15
                Nov 13, 2024 01:25:08.999665976 CET4957251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:26:09.020560026 CET4957251321192.168.2.15154.213.187.125
                Nov 13, 2024 01:26:09.025595903 CET5132149572154.213.187.125192.168.2.15
                Nov 13, 2024 01:26:09.283845901 CET5132149572154.213.187.125192.168.2.15
                Nov 13, 2024 01:26:09.283967972 CET4957251321192.168.2.15154.213.187.125

                System Behavior

                General

                Start time (UTC):00:24:47
                Start date (UTC):13/11/2024
                Path:/tmp/mpsl.elf
                Arguments:/tmp/mpsl.elf
                File size:5773336 bytes
                MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                Chronological Activities


                General

                Start time (UTC):00:24:47
                Start date (UTC):13/11/2024
                Path:/tmp/mpsl.elf
                Arguments:-
                File size:5773336 bytes
                MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                Chronological Activities


                General

                Start time (UTC):00:24:47
                Start date (UTC):13/11/2024
                Path:/tmp/mpsl.elf
                Arguments:-
                File size:5773336 bytes
                MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                Chronological Activities


                General

                Start time (UTC):00:24:47
                Start date (UTC):13/11/2024
                Path:/tmp/mpsl.elf
                Arguments:-
                File size:5773336 bytes
                MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                Chronological Activities