Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
mpsl.elf

Overview

General Information

Sample name:mpsl.elf
Analysis ID:1583890
MD5:a55cf93634412632eaef5ccaffd7e76e
SHA1:2fdc889c5b539cb13ef78b4134bc538173b7cf3b
SHA256:fb8c4375a130519b1efde83331104660d2e86beb26ea7fc0cff76eaa8ac92dcd
Tags:elfuser-abuse_ch
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1583890
Start date and time:2025-01-03 20:22:06 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 59s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:mpsl.elf
Detection:MAL
Classification:mal52.spre.linELF@0/22@5/0

Warnings

  • Connection to analysis system has been lost, crash info: Unknown
  • VT rate limit hit for: mpsl.elf

Runtime Messages

Command:/tmp/mpsl.elf
PID:5432
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
dear
Standard Error:

Process Tree

  • system is lnxubuntu20
  • mpsl.elf (PID: 5432, Parent: 5357, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/mpsl.elf
    • mpsl.elf New Fork (PID: 5434, Parent: 5432)
      • mpsl.elf New Fork (PID: 5436, Parent: 5434)
      • mpsl.elf New Fork (PID: 5440, Parent: 5434)
  • cleanup

Yara Signatures

No yara matches

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: mpsl.elfReversingLabs: Detection: 28%
Source: mpsl.elfString: '/proc/self/exe/. self/proc//bin/bash/bin/sh/bin/dashbashshftpwgettftpncnetcatnmaptcpdumpsocatcurlbusyboxpythonrebootechoinitcroniptablessshdtelnettelnetdtftpdrshdrexecdftpdxinetdpftp/bin/login
Source: global trafficTCP traffic: 192.168.2.13:42052 -> 210.99.15.237:13566
Source: global trafficTCP traffic: 192.168.2.13:38256 -> 210.99.63.34:13566
Source: global trafficTCP traffic: 192.168.2.13:51534 -> 210.99.86.58:13566
Source: global trafficTCP traffic: 192.168.2.13:42842 -> 210.99.52.116:13566
Source: global trafficTCP traffic: 192.168.2.13:43522 -> 210.99.230.69:13566
Source: global trafficTCP traffic: 192.168.2.13:48280 -> 210.99.79.150:13566
Source: global trafficTCP traffic: 192.168.2.13:47898 -> 210.99.227.31:13566
Source: global trafficTCP traffic: 192.168.2.13:35824 -> 210.99.95.136:13566
Source: global trafficTCP traffic: 192.168.2.13:47322 -> 210.99.53.116:13566
Source: global trafficTCP traffic: 192.168.2.13:51888 -> 210.99.217.69:13566
Source: global trafficTCP traffic: 192.168.2.13:50514 -> 210.99.92.49:13566
Source: global trafficTCP traffic: 192.168.2.13:45460 -> 210.99.180.166:13566
Source: global trafficTCP traffic: 192.168.2.13:37032 -> 210.99.251.181:13566
Source: global trafficTCP traffic: 192.168.2.13:35730 -> 210.99.182.55:13566
Source: global trafficTCP traffic: 192.168.2.13:52276 -> 210.99.175.253:13566
Source: global trafficTCP traffic: 192.168.2.13:41610 -> 210.99.92.190:13566
Source: global trafficTCP traffic: 192.168.2.13:39548 -> 210.99.234.155:13566
Source: global trafficTCP traffic: 192.168.2.13:59182 -> 210.99.224.65:13566
Source: global trafficTCP traffic: 192.168.2.13:43662 -> 210.99.213.20:13566
Source: global trafficTCP traffic: 192.168.2.13:46666 -> 210.99.181.187:13566
Source: global trafficTCP traffic: 192.168.2.13:47750 -> 210.99.90.4:13566
Source: global trafficTCP traffic: 192.168.2.13:55152 -> 210.99.81.61:13566
Source: global trafficTCP traffic: 192.168.2.13:59252 -> 210.99.35.176:13566
Source: global trafficTCP traffic: 192.168.2.13:33750 -> 210.99.197.88:13566
Source: global trafficTCP traffic: 192.168.2.13:37902 -> 210.99.36.158:13566
Source: global trafficTCP traffic: 192.168.2.13:42708 -> 83.222.191.90:13566
Source: /tmp/mpsl.elf (PID: 5432)Socket: 127.0.0.1:8341Jump to behavior
Source: unknownDNS traffic detected: query: secure-network-rebirthltd.ru replaycode: Name error (3)
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: global trafficDNS traffic detected: DNS query: secure-network-rebirthltd.ru

System Summary

barindex
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5440, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5462, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5463, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5464, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5465, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5466, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5467, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5468, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5469, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5470, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5471, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5472, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5473, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5474, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5475, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5476, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5477, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5478, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5479, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5480, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5529, result: successfulJump to behavior
Source: Initial sampleString containing 'busybox' found: busybox
Source: Initial sampleString containing 'busybox' found: '/proc/self/exe/. self/proc//bin/bash/bin/sh/bin/dashbashshftpwgettftpncnetcatnmaptcpdumpsocatcurlbusyboxpythonrebootechoinitcroniptablessshdtelnettelnetdtftpdrshdrexecdftpdxinetdpftp/bin/login
Source: ELF static info symbol of initial sample.symtab present: no
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5440, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5462, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5463, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5464, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5465, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5466, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5467, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5468, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5469, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5470, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5471, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5472, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5473, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5474, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5475, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5476, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5477, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5478, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5479, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5480, result: successfulJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)SIGKILL sent: pid: 5529, result: successfulJump to behavior
Source: classification engineClassification label: mal52.spre.linELF@0/22@5/0
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5470/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5470/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5471/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5471/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5472/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5472/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5440/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5440/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5462/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5462/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5473/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5473/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5463/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5463/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5474/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5474/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5464/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5464/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5475/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5475/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5465/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5465/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5476/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5476/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5466/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5466/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5477/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5477/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5521/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5521/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5480/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5480/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5467/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5467/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5478/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5478/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5468/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5468/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5479/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5479/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5469/mapsJump to behavior
Source: /tmp/mpsl.elf (PID: 5436)File opened: /proc/5469/cmdlineJump to behavior
Source: /tmp/mpsl.elf (PID: 5432)Queries kernel information via 'uname': Jump to behavior
Source: mpsl.elf, 5432.1.0000559d97cfe000.0000559d97dac000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mipsel
Source: mpsl.elf, 5432.1.0000559d97cfe000.0000559d97dac000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/mipsel
Source: mpsl.elf, 5432.1.00007ffea54b7000.00007ffea54d8000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mpsl.elf
Source: mpsl.elf, 5432.1.00007ffea54b7000.00007ffea54d8000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mipsel

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid AccountsWindows Management Instrumentation1
Scripting		Path InterceptionDirect Volume Access1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Non-Standard Port		Exfiltration Over Other Network Medium1
Service Stop
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1583890 Sample: mpsl.elf Startdate: 03/01/2025 Architecture: LINUX Score: 52 17 210.99.175.253, 13566, 52276 NICNETKoreaTelecomKR Korea Republic of 2->17 19 83.222.191.90, 13566, 42708 NET1-ASBG Bulgaria 2->19 21 25 other IPs or domains 2->21 23 Multi AV Scanner detection for submitted file 2->23 8 mpsl.elf 2->8         started        signatures3 process4 process5 10 mpsl.elf 8->10         started        process6 12 mpsl.elf 10->12         started        15 mpsl.elf 10->15         started        signatures7 25 Sample tries to kill multiple processes (SIGKILL) 12->25

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
mpsl.elf29%ReversingLabsLinux.Backdoor.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
secure-network-rebirthltd.ru
unknown
unknownfalse
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    210.99.92.49
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.182.55
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.217.69
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.35.176
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.36.158
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.52.116
    		unknownKorea Republic of
    		17841NCIA-AS-KRNATIONALINFORMATIONRESOURCESSERVICEKRfalse
    210.99.53.116
    		unknownKorea Republic of
    		17841NCIA-AS-KRNATIONALINFORMATIONRESOURCESSERVICEKRfalse
    210.99.79.150
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.213.20
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.230.69
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.181.187
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.95.136
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.63.34
    		unknownKorea Republic of
    		17841NCIA-AS-KRNATIONALINFORMATIONRESOURCESSERVICEKRfalse
    210.99.86.58
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.92.190
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.90.4
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.81.61
    		unknownKorea Republic of
    		17600ENVICO-AS-KRKOREARESOURCESRECOVERYANDREUTILIZATIONCORPfalse
    210.99.175.253
    		unknownKorea Republic of
    		45400NICNETKoreaTelecomKRfalse
    83.222.191.90
    		unknownBulgaria
    		43561NET1-ASBGfalse
    210.99.180.166
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.234.155
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.227.31
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.251.181
    		unknownKorea Republic of
    		17841NCIA-AS-KRNATIONALINFORMATIONRESOURCESSERVICEKRfalse
    210.99.197.88
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.15.237
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse
    210.99.224.65
    		unknownKorea Republic of
    		4766KIXS-AS-KRKoreaTelecomKRfalse

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    83.222.191.90mpsl.elfGet hashmaliciousUnknownBrowse
      m68k.elfGet hashmaliciousMiraiBrowse
        ppc.elfGet hashmaliciousMiraiBrowse
          arm4.elfGet hashmaliciousMiraiBrowse
            spc.elfGet hashmaliciousUnknownBrowse
              x86.elfGet hashmaliciousMiraiBrowse
                arm7.elfGet hashmaliciousMiraiBrowse
                  x86_64.elfGet hashmaliciousMiraiBrowse
                    arm5.elfGet hashmaliciousMiraiBrowse
                      mips.elfGet hashmaliciousMiraiBrowse

                        Domains

                        No context

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        KIXS-AS-KRKoreaTelecomKRarmv5l.elfGet hashmaliciousMiraiBrowse
                        • 220.92.130.121
                        armv7l.elfGet hashmaliciousMiraiBrowse
                        • 221.161.77.61
                        armv4l.elfGet hashmaliciousMiraiBrowse
                        • 218.151.13.97
                        4.elfGet hashmaliciousUnknownBrowse
                        • 125.158.221.60
                        4.elfGet hashmaliciousUnknownBrowse
                        • 49.16.166.67
                        4.elfGet hashmaliciousUnknownBrowse
                        • 222.118.248.15
                        DEMONS.arm.elfGet hashmaliciousUnknownBrowse
                        • 211.226.202.72
                        DEMONS.x86.elfGet hashmaliciousUnknownBrowse
                        • 218.149.31.108
                        DEMONS.spc.elfGet hashmaliciousUnknownBrowse
                        • 118.37.22.221
                        DEMONS.sh4.elfGet hashmaliciousUnknownBrowse
                        • 27.236.188.110
                        KIXS-AS-KRKoreaTelecomKRarmv5l.elfGet hashmaliciousMiraiBrowse
                        • 220.92.130.121
                        armv7l.elfGet hashmaliciousMiraiBrowse
                        • 221.161.77.61
                        armv4l.elfGet hashmaliciousMiraiBrowse
                        • 218.151.13.97
                        4.elfGet hashmaliciousUnknownBrowse
                        • 125.158.221.60
                        4.elfGet hashmaliciousUnknownBrowse
                        • 49.16.166.67
                        4.elfGet hashmaliciousUnknownBrowse
                        • 222.118.248.15
                        DEMONS.arm.elfGet hashmaliciousUnknownBrowse
                        • 211.226.202.72
                        DEMONS.x86.elfGet hashmaliciousUnknownBrowse
                        • 218.149.31.108
                        DEMONS.spc.elfGet hashmaliciousUnknownBrowse
                        • 118.37.22.221
                        DEMONS.sh4.elfGet hashmaliciousUnknownBrowse
                        • 27.236.188.110
                        KIXS-AS-KRKoreaTelecomKRarmv5l.elfGet hashmaliciousMiraiBrowse
                        • 220.92.130.121
                        armv7l.elfGet hashmaliciousMiraiBrowse
                        • 221.161.77.61
                        armv4l.elfGet hashmaliciousMiraiBrowse
                        • 218.151.13.97
                        4.elfGet hashmaliciousUnknownBrowse
                        • 125.158.221.60
                        4.elfGet hashmaliciousUnknownBrowse
                        • 49.16.166.67
                        4.elfGet hashmaliciousUnknownBrowse
                        • 222.118.248.15
                        DEMONS.arm.elfGet hashmaliciousUnknownBrowse
                        • 211.226.202.72
                        DEMONS.x86.elfGet hashmaliciousUnknownBrowse
                        • 218.149.31.108
                        DEMONS.spc.elfGet hashmaliciousUnknownBrowse
                        • 118.37.22.221
                        DEMONS.sh4.elfGet hashmaliciousUnknownBrowse
                        • 27.236.188.110
                        KIXS-AS-KRKoreaTelecomKRarmv5l.elfGet hashmaliciousMiraiBrowse
                        • 220.92.130.121
                        armv7l.elfGet hashmaliciousMiraiBrowse
                        • 221.161.77.61
                        armv4l.elfGet hashmaliciousMiraiBrowse
                        • 218.151.13.97
                        4.elfGet hashmaliciousUnknownBrowse
                        • 125.158.221.60
                        4.elfGet hashmaliciousUnknownBrowse
                        • 49.16.166.67
                        4.elfGet hashmaliciousUnknownBrowse
                        • 222.118.248.15
                        DEMONS.arm.elfGet hashmaliciousUnknownBrowse
                        • 211.226.202.72
                        DEMONS.x86.elfGet hashmaliciousUnknownBrowse
                        • 218.149.31.108
                        DEMONS.spc.elfGet hashmaliciousUnknownBrowse
                        • 118.37.22.221
                        DEMONS.sh4.elfGet hashmaliciousUnknownBrowse
                        • 27.236.188.110

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        /tmp/qemu-open.13R9Ge (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.3E8cWd (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.61OMWg (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.DUbzld (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.GX91ie (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.HHDAwe (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.HQ9xEf (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.ITEexf (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.JquV6c (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.S9NWVe (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Reputation:low
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.TjLKdd (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.f2hdqg (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.gEICde (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.gTYHId (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.lfBaFd (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.n2vxad (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.qByP1f (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.qNsM7g (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.t26Bfh (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.uinPdh (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.xTDUcg (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        /tmp/qemu-open.xYVrif (deleted)

                        Download File
                        Process:/tmp/mpsl.elf
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):255
                        Entropy (8bit):3.2081404796797344
                        Encrypted:false
                        SSDEEP:6:UR/gceFXkBHT/VUV4ceFX8/VxD/VDM/V+4D/VH:I/9eQiVleGtMfF
                        MD5:5040398A84FBBCC70318A2AFBA3CE05F
                        SHA1:CCA43A0DCEA26D7CD794A3CC1358686EFDFE1697
                        SHA-256:3207D97968C54E8262B92AA96B3605E5B01307FC661971736EC9EA7C06AB9098
                        SHA-512:4F79B44841EEE5A82397A55C241BB9239C4C1DEACF770AB7494853E27E78A2B7BF4C21711079EA76D3F129B8564BEB8032A5D424D991E056DCBA3572C452BACD
                        Malicious:false
                        Preview:400000-410000 r-xp 00000000 fd:00 531567 /tmp/..450000-451000 rw-p 00010000 fd:00 531567 /tmp/..451000-452000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

                        Static File Info

                        General

                        File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
                        Entropy (8bit):5.425516181742488
                        TrID:
                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                        File name:mpsl.elf
                        File size:67'912 bytes
                        MD5:a55cf93634412632eaef5ccaffd7e76e
                        SHA1:2fdc889c5b539cb13ef78b4134bc538173b7cf3b
                        SHA256:fb8c4375a130519b1efde83331104660d2e86beb26ea7fc0cff76eaa8ac92dcd
                        SHA512:9813bda35583f9b33c4d9bae139bebdc066a64896fd734e62ec1b816c5ce44bb63d884c77126ce5521f4b3a348e51b71856e8625e0755aa3c71f6ce161d9f624
                        SSDEEP:1536:n0QHJ/Ri4aINWQwqyRghgb7ZsoQMYrnOAn:08nOAWQ+7yrnHn
                        TLSH:F663D615BF210EB7EC6FCC3746B55B0924DC950B21A93B353934E818F26B25B1AE7874
                        File Content Preview:.ELF....................`.@.4...........4. ...(...............@...@.p...p.....................E...E.....h...........Q.td...............................<l..'!......'.......................<H..'!... .........9'.. ........................<...'!.............9

                        Static ELF Info

                        ELF header

                        Class:ELF32
                        Data:2's complement, little endian
                        Version:1 (current)
                        Machine:MIPS R3000
                        Version Number:0x1
                        Type:EXEC (Executable file)
                        OS/ABI:UNIX - System V
                        ABI Version:0
                        Entry Point Address:0x400260
                        Flags:0x1007
                        ELF Header Size:52
                        Program Header Offset:52
                        Program Header Size:32
                        Number of Program Headers:3
                        Section Header Offset:67352
                        Section Header Size:40
                        Number of Section Headers:14
                        Header String Table Index:13

                        Sections

                        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                        NULL0x00x00x00x00x0000
                        .initPROGBITS0x4000940x940x8c0x00x6AX004
                        .textPROGBITS0x4001200x1200xf0200x00x6AX0016
                        .finiPROGBITS0x40f1400xf1400x5c0x00x6AX004
                        .rodataPROGBITS0x40f1a00xf1a00x9d00x00x2A0016
                        .ctorsPROGBITS0x4500000x100000x80x00x3WA004
                        .dtorsPROGBITS0x4500080x100080x80x00x3WA004
                        .data.rel.roPROGBITS0x4500140x100140x8c0x00x3WA004
                        .dataPROGBITS0x4500a00x100a00x2700x00x3WA0016
                        .gotPROGBITS0x4503100x103100x3a40x40x10000003WAp0016
                        .sbssNOBITS0x4506b40x106b40x140x00x10000003WAp004
                        .bssNOBITS0x4506d00x106b40x1980x00x3WA0016
                        .mdebug.abi32PROGBITS0x7620x106b40x00x00x0001
                        .shstrtabSTRTAB0x00x106b40x640x00x0001

                        Program Segments

                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                        LOAD0x00x4000000x4000000xfb700xfb705.51170x5R E0x10000.init .text .fini .rodata
                        LOAD0x100000x4500000x4500000x6b40x8684.01500x6RW 0x10000.ctors .dtors .data.rel.ro .data .got .sbss .bss
                        GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                        Network Behavior

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Jan 3, 2025 20:22:48.698268890 CET4205213566192.168.2.13210.99.15.237
                        Jan 3, 2025 20:22:48.703231096 CET1356642052210.99.15.237192.168.2.13
                        Jan 3, 2025 20:22:48.703279018 CET4205213566192.168.2.13210.99.15.237
                        Jan 3, 2025 20:22:48.714443922 CET4205213566192.168.2.13210.99.15.237
                        Jan 3, 2025 20:22:48.719391108 CET1356642052210.99.15.237192.168.2.13
                        Jan 3, 2025 20:22:48.719439030 CET4205213566192.168.2.13210.99.15.237
                        Jan 3, 2025 20:22:48.729585886 CET3825613566192.168.2.13210.99.63.34
                        Jan 3, 2025 20:22:48.734757900 CET1356638256210.99.63.34192.168.2.13
                        Jan 3, 2025 20:22:48.734814882 CET3825613566192.168.2.13210.99.63.34
                        Jan 3, 2025 20:22:48.736037970 CET3825613566192.168.2.13210.99.63.34
                        Jan 3, 2025 20:22:48.738238096 CET5153413566192.168.2.13210.99.86.58
                        Jan 3, 2025 20:22:48.741107941 CET4284213566192.168.2.13210.99.52.116
                        Jan 3, 2025 20:22:48.742245913 CET1356638256210.99.63.34192.168.2.13
                        Jan 3, 2025 20:22:48.742300987 CET3825613566192.168.2.13210.99.63.34
                        Jan 3, 2025 20:22:48.743918896 CET1356651534210.99.86.58192.168.2.13
                        Jan 3, 2025 20:22:48.743973970 CET5153413566192.168.2.13210.99.86.58
                        Jan 3, 2025 20:22:48.747204065 CET1356642842210.99.52.116192.168.2.13
                        Jan 3, 2025 20:22:48.747303009 CET4284213566192.168.2.13210.99.52.116
                        Jan 3, 2025 20:22:48.754700899 CET4284213566192.168.2.13210.99.52.116
                        Jan 3, 2025 20:22:48.756634951 CET4352213566192.168.2.13210.99.230.69
                        Jan 3, 2025 20:22:48.760004044 CET1356642842210.99.52.116192.168.2.13
                        Jan 3, 2025 20:22:48.760040045 CET4284213566192.168.2.13210.99.52.116
                        Jan 3, 2025 20:22:48.761630058 CET1356643522210.99.230.69192.168.2.13
                        Jan 3, 2025 20:22:48.761673927 CET4352213566192.168.2.13210.99.230.69
                        Jan 3, 2025 20:22:48.769906044 CET4828013566192.168.2.13210.99.79.150
                        Jan 3, 2025 20:22:48.773844957 CET4789813566192.168.2.13210.99.227.31
                        Jan 3, 2025 20:22:48.774652004 CET1356648280210.99.79.150192.168.2.13
                        Jan 3, 2025 20:22:48.774703026 CET4828013566192.168.2.13210.99.79.150
                        Jan 3, 2025 20:22:48.778106928 CET3582413566192.168.2.13210.99.95.136
                        Jan 3, 2025 20:22:48.778664112 CET1356647898210.99.227.31192.168.2.13
                        Jan 3, 2025 20:22:48.778707027 CET4789813566192.168.2.13210.99.227.31
                        Jan 3, 2025 20:22:48.782109976 CET4732213566192.168.2.13210.99.53.116
                        Jan 3, 2025 20:22:48.782888889 CET1356635824210.99.95.136192.168.2.13
                        Jan 3, 2025 20:22:48.782943010 CET3582413566192.168.2.13210.99.95.136
                        Jan 3, 2025 20:22:48.786377907 CET5188813566192.168.2.13210.99.217.69
                        Jan 3, 2025 20:22:48.786827087 CET1356647322210.99.53.116192.168.2.13
                        Jan 3, 2025 20:22:48.786870003 CET4732213566192.168.2.13210.99.53.116
                        Jan 3, 2025 20:22:48.790352106 CET5051413566192.168.2.13210.99.92.49
                        Jan 3, 2025 20:22:48.791096926 CET1356651888210.99.217.69192.168.2.13
                        Jan 3, 2025 20:22:48.791138887 CET5188813566192.168.2.13210.99.217.69
                        Jan 3, 2025 20:22:48.795114040 CET4546013566192.168.2.13210.99.180.166
                        Jan 3, 2025 20:22:48.795156002 CET1356650514210.99.92.49192.168.2.13
                        Jan 3, 2025 20:22:48.795217991 CET5051413566192.168.2.13210.99.92.49
                        Jan 3, 2025 20:22:48.799595118 CET3703213566192.168.2.13210.99.251.181
                        Jan 3, 2025 20:22:48.799923897 CET1356645460210.99.180.166192.168.2.13
                        Jan 3, 2025 20:22:48.799987078 CET4546013566192.168.2.13210.99.180.166
                        Jan 3, 2025 20:22:48.803998947 CET3573013566192.168.2.13210.99.182.55
                        Jan 3, 2025 20:22:48.804382086 CET1356637032210.99.251.181192.168.2.13
                        Jan 3, 2025 20:22:48.804416895 CET3703213566192.168.2.13210.99.251.181
                        Jan 3, 2025 20:22:48.805176020 CET5227613566192.168.2.13210.99.175.253
                        Jan 3, 2025 20:22:48.806999922 CET4161013566192.168.2.13210.99.92.190
                        Jan 3, 2025 20:22:48.808587074 CET3954813566192.168.2.13210.99.234.155
                        Jan 3, 2025 20:22:48.808756113 CET1356635730210.99.182.55192.168.2.13
                        Jan 3, 2025 20:22:48.808811903 CET3573013566192.168.2.13210.99.182.55
                        Jan 3, 2025 20:22:48.809396982 CET5918213566192.168.2.13210.99.224.65
                        Jan 3, 2025 20:22:48.809925079 CET1356652276210.99.175.253192.168.2.13
                        Jan 3, 2025 20:22:48.809971094 CET5227613566192.168.2.13210.99.175.253
                        Jan 3, 2025 20:22:48.810314894 CET4366213566192.168.2.13210.99.213.20
                        Jan 3, 2025 20:22:48.811103106 CET4666613566192.168.2.13210.99.181.187
                        Jan 3, 2025 20:22:48.811748981 CET1356641610210.99.92.190192.168.2.13
                        Jan 3, 2025 20:22:48.811791897 CET4161013566192.168.2.13210.99.92.190
                        Jan 3, 2025 20:22:48.811866045 CET4775013566192.168.2.13210.99.90.4
                        Jan 3, 2025 20:22:48.812674999 CET5515213566192.168.2.13210.99.81.61
                        Jan 3, 2025 20:22:48.813352108 CET1356639548210.99.234.155192.168.2.13
                        Jan 3, 2025 20:22:48.813399076 CET3954813566192.168.2.13210.99.234.155
                        Jan 3, 2025 20:22:48.813440084 CET5925213566192.168.2.13210.99.35.176
                        Jan 3, 2025 20:22:48.814157963 CET1356659182210.99.224.65192.168.2.13
                        Jan 3, 2025 20:22:48.814201117 CET5918213566192.168.2.13210.99.224.65
                        Jan 3, 2025 20:22:48.814203024 CET3375013566192.168.2.13210.99.197.88
                        Jan 3, 2025 20:22:48.814918041 CET3790213566192.168.2.13210.99.36.158
                        Jan 3, 2025 20:22:48.815037966 CET1356643662210.99.213.20192.168.2.13
                        Jan 3, 2025 20:22:48.815078020 CET4366213566192.168.2.13210.99.213.20
                        Jan 3, 2025 20:22:48.815869093 CET1356646666210.99.181.187192.168.2.13
                        Jan 3, 2025 20:22:48.815907955 CET4666613566192.168.2.13210.99.181.187
                        Jan 3, 2025 20:22:48.816601038 CET1356647750210.99.90.4192.168.2.13
                        Jan 3, 2025 20:22:48.816637993 CET4775013566192.168.2.13210.99.90.4
                        Jan 3, 2025 20:22:48.817435980 CET1356655152210.99.81.61192.168.2.13
                        Jan 3, 2025 20:22:48.817492008 CET5515213566192.168.2.13210.99.81.61
                        Jan 3, 2025 20:22:48.818165064 CET1356659252210.99.35.176192.168.2.13
                        Jan 3, 2025 20:22:48.818209887 CET5925213566192.168.2.13210.99.35.176
                        Jan 3, 2025 20:22:48.818979979 CET1356633750210.99.197.88192.168.2.13
                        Jan 3, 2025 20:22:48.819021940 CET3375013566192.168.2.13210.99.197.88
                        Jan 3, 2025 20:22:48.819670916 CET1356637902210.99.36.158192.168.2.13
                        Jan 3, 2025 20:22:48.819710970 CET3790213566192.168.2.13210.99.36.158
                        Jan 3, 2025 20:22:48.860627890 CET4270813566192.168.2.1383.222.191.90
                        Jan 3, 2025 20:22:48.865443945 CET135664270883.222.191.90192.168.2.13
                        Jan 3, 2025 20:22:48.865506887 CET4270813566192.168.2.1383.222.191.90
                        Jan 3, 2025 20:22:48.866564035 CET4270813566192.168.2.1383.222.191.90
                        Jan 3, 2025 20:22:48.871294022 CET135664270883.222.191.90192.168.2.13
                        Jan 3, 2025 20:22:48.871356010 CET4270813566192.168.2.1383.222.191.90
                        Jan 3, 2025 20:22:48.876174927 CET135664270883.222.191.90192.168.2.13
                        Jan 3, 2025 20:22:58.868851900 CET4270813566192.168.2.1383.222.191.90
                        Jan 3, 2025 20:22:58.873610020 CET135664270883.222.191.90192.168.2.13
                        Jan 3, 2025 20:22:59.078469992 CET135664270883.222.191.90192.168.2.13
                        Jan 3, 2025 20:22:59.078533888 CET4270813566192.168.2.1383.222.191.90
                        Jan 3, 2025 20:22:59.470439911 CET135664270883.222.191.90192.168.2.13
                        Jan 3, 2025 20:22:59.470578909 CET4270813566192.168.2.1383.222.191.90
                        Jan 3, 2025 20:23:59.525186062 CET4270813566192.168.2.1383.222.191.90
                        Jan 3, 2025 20:23:59.529979944 CET135664270883.222.191.90192.168.2.13
                        Jan 3, 2025 20:23:59.726475954 CET135664270883.222.191.90192.168.2.13
                        Jan 3, 2025 20:23:59.726599932 CET4270813566192.168.2.1383.222.191.90
                        Jan 3, 2025 20:24:00.470201969 CET135664270883.222.191.90192.168.2.13
                        Jan 3, 2025 20:24:00.470325947 CET4270813566192.168.2.1383.222.191.90

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Jan 3, 2025 20:22:48.818862915 CET3363953192.168.2.138.8.8.8
                        Jan 3, 2025 20:22:48.826653004 CET53336398.8.8.8192.168.2.13
                        Jan 3, 2025 20:22:48.827888012 CET5012253192.168.2.138.8.8.8
                        Jan 3, 2025 20:22:48.835627079 CET53501228.8.8.8192.168.2.13
                        Jan 3, 2025 20:22:48.836572886 CET3940353192.168.2.138.8.8.8
                        Jan 3, 2025 20:22:48.843707085 CET53394038.8.8.8192.168.2.13
                        Jan 3, 2025 20:22:48.844641924 CET4108053192.168.2.138.8.8.8
                        Jan 3, 2025 20:22:48.851865053 CET53410808.8.8.8192.168.2.13
                        Jan 3, 2025 20:22:48.852897882 CET5938953192.168.2.138.8.8.8
                        Jan 3, 2025 20:22:48.859848022 CET53593898.8.8.8192.168.2.13

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Jan 3, 2025 20:22:48.818862915 CET192.168.2.138.8.8.80x9b2cStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                        Jan 3, 2025 20:22:48.827888012 CET192.168.2.138.8.8.80x9b2cStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                        Jan 3, 2025 20:22:48.836572886 CET192.168.2.138.8.8.80x9b2cStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                        Jan 3, 2025 20:22:48.844641924 CET192.168.2.138.8.8.80x9b2cStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false
                        Jan 3, 2025 20:22:48.852897882 CET192.168.2.138.8.8.80x9b2cStandard query (0)secure-network-rebirthltd.ruA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Jan 3, 2025 20:22:48.826653004 CET8.8.8.8192.168.2.130x9b2cName error (3)secure-network-rebirthltd.runonenoneA (IP address)IN (0x0001)false
                        Jan 3, 2025 20:22:48.835627079 CET8.8.8.8192.168.2.130x9b2cName error (3)secure-network-rebirthltd.runonenoneA (IP address)IN (0x0001)false
                        Jan 3, 2025 20:22:48.843707085 CET8.8.8.8192.168.2.130x9b2cName error (3)secure-network-rebirthltd.runonenoneA (IP address)IN (0x0001)false
                        Jan 3, 2025 20:22:48.851865053 CET8.8.8.8192.168.2.130x9b2cName error (3)secure-network-rebirthltd.runonenoneA (IP address)IN (0x0001)false
                        Jan 3, 2025 20:22:48.859848022 CET8.8.8.8192.168.2.130x9b2cName error (3)secure-network-rebirthltd.runonenoneA (IP address)IN (0x0001)false

                        System Behavior

                        General

                        Start time (UTC):19:22:48
                        Start date (UTC):03/01/2025
                        Path:/tmp/mpsl.elf
                        Arguments:/tmp/mpsl.elf
                        File size:5773336 bytes
                        MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                        Chronological Activities


                        General

                        Start time (UTC):19:22:48
                        Start date (UTC):03/01/2025
                        Path:/tmp/mpsl.elf
                        Arguments:-
                        File size:5773336 bytes
                        MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                        Chronological Activities


                        General

                        Start time (UTC):19:22:48
                        Start date (UTC):03/01/2025
                        Path:/tmp/mpsl.elf
                        Arguments:-
                        File size:5773336 bytes
                        MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                        Chronological Activities


                        General

                        Start time (UTC):19:22:48
                        Start date (UTC):03/01/2025
                        Path:/tmp/mpsl.elf
                        Arguments:-
                        File size:5773336 bytes
                        MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                        Chronological Activities