
Linux Analysis Report
mpsl.elf

Overview

General Information

Sample name:mpsl.elf
Analysis ID:1639682
MD5:c285f69431290282786eac1af45c2c1f
SHA1:4a661bb9ae16025e417693e2f618bb71ce0dcd10
SHA256:7baaab7e37ae3bc4c662bd7a5f690874f079a26e95b9042b6a4ebf5af320ccff
Tags:elf, user-abuse_ch

Detection

Score:48
Range:0 - 100

Signatures

Connects to many ports of the same IP (likely port scanning)
Uses STUN server to do NAT traversal
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Sleeps for long times indicative of sandbox evasion
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Classification chart axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1639682
Start date and time:2025-03-16 02:40:45 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 22s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:mpsl.elf
Detection:MAL
Classification:mal48.troj.linELF@0/2@1/0
Command:/tmp/mpsl.elf
PID:5432
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
For God so loved the world
Standard Error:
  • system is lnxubuntu20
  • mpsl.elf (PID: 5432, Parent: 5356, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/mpsl.elf
    • mpsl.elf New Fork (PID: 5434, Parent: 5432)
  • cleanup
No yara matches
No Suricata rule has matched


Networking

Source: global traffic | TCP traffic: 156.244.14.93 ports 40217,0,1,2,4,7
Source: unknown | DNS query: name: stun.l.google.com
Source: global traffic | TCP traffic: 192.168.2.13:52842 -> 156.244.14.93:40217
Source: global traffic | UDP traffic: 192.168.2.13:41208 -> 74.125.250.129:19302
Source: /tmp/mpsl.elf (PID: 5434) | Socket: 127.0.0.1:22448
Source: unknown | TCP traffic detected without corresponding DNS query: 156.244.14.93
Source: global traffic | DNS traffic detected: DNS query: stun.l.google.com
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal48.troj.linELF@0/2@1/0
Source: /tmp/mpsl.elf (PID: 5432) | File opened: /proc/230/cmdline
Source: /tmp/mpsl.elf (PID: 5434) | Sleeps longer than 60s: 2147.483647s
Source: /tmp/mpsl.elf (PID: 5432) | Queries kernel information via 'uname'
Source: mpsl.elf, 5432.1.000055c824ab4000.000055c824b5b000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/mipsel
Source: mpsl.elf, 5432.1.00007fd3b4439000.00007fd3b443f000.rw-.sdmp | Binary or memory string: vmware
Source: mpsl.elf, 5432.1.00007fd3b4439000.00007fd3b443f000.rw-.sdmp | Binary or memory string: qemu-arm
Source: mpsl.elf, 5432.1.00007ffd75658000.00007ffd75679000.rw-.sdmp | Binary or memory string: /qemu-open.XXXXX
Source: mpsl.elf, 5432.1.00007ffd75658000.00007ffd75679000.rw-.sdmp | Binary or memory string: /tmp/qemu-open.eGjBiV
Source: mpsl.elf, 5432.1.000055c824ab4000.000055c824b5b000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: mpsl.elf, 5432.1.00007fd3b4439000.00007fd3b443f000.rw-.sdmp | Binary or memory string: C!!a1gAWFxuAXsFWUgBRQAA!!a1gAWFxuAXsAWUgKRXgA!!a1gAWFxuAXsAWEgJR3IA!!a10CWFxuAHsGWVcWQHAA!!a10CWFxuAHsGWVcWQHUA!!aFwAWF9uA3sGW0gLRgAA!!aFwAWFlpG2QBW0gJTwAA!!qemu-arm2QBW0gJTwAA!
Source: mpsl.elf, 5432.1.00007ffd75658000.00007ffd75679000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mpsl.elf
Source: mpsl.elf, 5432.1.00007ffd75658000.00007ffd75679000.rw-.sdmp | Binary or memory string: U/tmp/qemu-open.eGjBiV\Tc9
Source: mpsl.elf, 5432.1.00007ffd75658000.00007ffd75679000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-mipsel
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
Behavior graph (ID: 1639682; sample: mpsl.elf; start date: 16/03/2025; architecture: LINUX; score: 48): mpsl.elf started a child mpsl.elf process. Network nodes: stun.l.google.com (74.125.250.129; ports 19302, 41208; GOOGLEUS, United States) and 156.244.14.93 (ports 40217, 52842; POWERLINE-AS-APPOWERLINEDATACENTERHK, Seychelles). Signatures shown: "Connects to many ports of the same IP (likely port scanning)" and "Uses STUN server to do NAT traversal".

Source | Detection | Scanner | Label | Link
mpsl.elf | 8% | ReversingLabs | Linux.Trojan.Mirai |
mpsl.elf | 6% | Virustotal | | Browse
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
stun.l.google.com | 74.125.250.129 | true | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
156.244.14.93 | unknown | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true
74.125.250.129 | stun.l.google.com | United States | 15169 | GOOGLEUS | false

Match | Associated Sample Name / URL | Detection | Threat Name
156.244.14.93 | aarch64.elf | malicious | Unknown
156.244.14.93 | sh4.elf | malicious | Unknown
156.244.14.93 | nimips.elf | malicious | Unknown
156.244.14.93 | arm6.elf | malicious | Unknown
No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
POWERLINE-AS-APPOWERLINEDATACENTERHK | aarch64.elf | malicious | Unknown | 156.244.14.93
POWERLINE-AS-APPOWERLINEDATACENTERHK | sh4.elf | malicious | Unknown | 156.244.14.93
POWERLINE-AS-APPOWERLINEDATACENTERHK | ppc.elf | malicious | Unknown | 156.244.45.113
POWERLINE-AS-APPOWERLINEDATACENTERHK | arm.elf | malicious | Unknown | 156.244.45.113
POWERLINE-AS-APPOWERLINEDATACENTERHK | KKveTTgaAAsecNNaaaa.x86.elf | malicious | Unknown | 147.78.152.244
POWERLINE-AS-APPOWERLINEDATACENTERHK | boatnet.mips.elf | malicious | Mirai | 156.253.227.112
POWERLINE-AS-APPOWERLINEDATACENTERHK | boatnet.ppc.elf | malicious | Mirai | 156.253.227.112
POWERLINE-AS-APPOWERLINEDATACENTERHK | boatnet.m68k.elf | malicious | Mirai | 156.253.227.112
POWERLINE-AS-APPOWERLINEDATACENTERHK | boatnet.sh4.elf | malicious | Mirai | 156.253.227.112
POWERLINE-AS-APPOWERLINEDATACENTERHK | boatnet.mpsl.elf | malicious | Mirai | 156.253.227.112
No context

            Process:/tmp/mpsl.elf
            File Type:data
            Category:dropped
            Size (bytes):14
            Entropy (8bit):3.2359263506290334
            Encrypted:false
            SSDEEP:3:TgLJLG:TgLFG
            MD5:F38566EE0BC1CD8FBC1A2366D5C73FFE
            SHA1:670B71B3B2F7C95A453BE48DE048B4D331E9AF5C
            SHA-256:8DE045D1FFCA4ADCA0440D72EE8946E5BE883FA1036732770285BF5A272DD618
            SHA-512:E57F865160CA30D18A02E3A408DC813DE15AB05E4831E8F92F431320C331C3D0F6806831E099DD93A1D07AC22AB7C890957DE1078C71EB711780F116AA228165
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:/tmp/mpsl.elf.
            Process:/tmp/mpsl.elf
            File Type:data
            Category:dropped
            Size (bytes):14
            Entropy (8bit):3.2359263506290334
            Encrypted:false
            SSDEEP:3:TgLJLG:TgLFG
            MD5:F38566EE0BC1CD8FBC1A2366D5C73FFE
            SHA1:670B71B3B2F7C95A453BE48DE048B4D331E9AF5C
            SHA-256:8DE045D1FFCA4ADCA0440D72EE8946E5BE883FA1036732770285BF5A272DD618
            SHA-512:E57F865160CA30D18A02E3A408DC813DE15AB05E4831E8F92F431320C331C3D0F6806831E099DD93A1D07AC22AB7C890957DE1078C71EB711780F116AA228165
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:/tmp/mpsl.elf.
            File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
            Entropy (8bit):4.928198927962359
            TrID:
            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
            File name:mpsl.elf
            File size:166'020 bytes
            MD5:c285f69431290282786eac1af45c2c1f
            SHA1:4a661bb9ae16025e417693e2f618bb71ce0dcd10
            SHA256:7baaab7e37ae3bc4c662bd7a5f690874f079a26e95b9042b6a4ebf5af320ccff
            SHA512:f0cb48359f43ca82547ecab51c2ce7cb25de473b625b2fd96dd4b831079a61a4e7d180bc31993b426eba335f02d8a9778d83f309e226d3ef2feed35a814bf30f
            SSDEEP:1536:xngbpz8XCm+CxsTGJm/K8NDAFbDrmN+4DkX9MElRtrU/:Vgtdm+CxMGs/VX1DkXbU
            TLSH:2EF37386BF913FFFD81ECD3602A58B05129C494A53D5AF772B34D508BA9B10A99D3C8C
            File Content Preview:.ELF....................`.@.4...........4. ...(...............@...@..~...~..............<...<.C.<.C......L..........Q.td...............................'...................<H..'!.............9'.. ........................<...'!... ........d9'.. ............

            ELF header

            Class:ELF32
            Data:2's complement, little endian
            Version:1 (current)
            Machine:MIPS R3000
            Version Number:0x1
            Type:EXEC (Executable file)
            OS/ABI:UNIX - System V
            ABI Version:0
            Entry Point Address:0x400260
            Flags:0x1007
            ELF Header Size:52
            Program Header Offset:52
            Program Header Size:32
            Number of Program Headers:3
            Section Header Offset:165540
            Section Header Size:40
            Number of Section Headers:12
            Header String Table Index:11
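
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x400094 | 0x94 | 0x7c | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x400110 | 0x110 | 0x26450 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x426560 | 0x26560 | 0x4c | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x4265b0 | 0x265b0 | 0x1850 | 0x0 | 0x2 | A | 0 | 0 | 16
.ctors | PROGBITS | 0x43803c | 0x2803c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x438044 | 0x28044 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x438050 | 0x28050 | 0xb0 | 0x0 | 0x3 | WA | 0 | 0 | 16
.got | PROGBITS | 0x438100 | 0x28100 | 0x558 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16
.sbss | NOBITS | 0x438658 | 0x28658 | 0x14 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4
.bss | NOBITS | 0x438670 | 0x28658 | 0x46b0 | 0x0 | 0x3 | WA | 0 | 0 | 16
.shstrtab | STRTAB | 0x0 | 0x28658 | 0x49 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x27e00 | 0x27e00 | 4.9423 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
LOAD | 0x2803c | 0x43803c | 0x43803c | 0x61c | 0x4ce4 | 4.1351 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .got .sbss .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |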

Network port distribution: Total Packets: 8; ports: 40217 undefined, 19302 undefined, 53 (DNS)

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 16, 2025 02:41:24.950984955 CET | 52842 | 40217 | 192.168.2.13 | 156.244.14.93
Mar 16, 2025 02:41:24.955852032 CET | 40217 | 52842 | 156.244.14.93 | 192.168.2.13
Mar 16, 2025 02:41:24.957005978 CET | 52842 | 40217 | 192.168.2.13 | 156.244.14.93
Mar 16, 2025 02:41:25.533174992 CET | 40217 | 52842 | 156.244.14.93 | 192.168.2.13
Mar 16, 2025 02:41:25.533296108 CET | 52842 | 40217 | 192.168.2.13 | 156.244.14.93
Mar 16, 2025 02:41:25.623557091 CET | 40217 | 52842 | 156.244.14.93 | 192.168.2.13
Mar 16, 2025 02:41:25.623718977 CET | 52842 | 40217 | 192.168.2.13 | 156.244.14.93
Mar 16, 2025 02:41:42.027837038 CET | 40217 | 52842 | 156.244.14.93 | 192.168.2.13
Mar 16, 2025 02:41:42.028103113 CET | 52842 | 40217 | 192.168.2.13 | 156.244.14.93
Mar 16, 2025 02:42:50.397877932 CET | 40217 | 52842 | 156.244.14.93 | 192.168.2.13
Mar 16, 2025 02:42:50.398216009 CET | 52842 | 40217 | 192.168.2.13 | 156.244.14.93

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 16, 2025 02:41:25.959719896 CET | 52795 | 53 | 192.168.2.13 | 8.8.8.8
Mar 16, 2025 02:41:25.974513054 CET | 53 | 52795 | 8.8.8.8 | 192.168.2.13
Mar 16, 2025 02:41:25.975157976 CET | 41208 | 19302 | 192.168.2.13 | 74.125.250.129
Mar 16, 2025 02:41:26.430668116 CET | 19302 | 41208 | 74.125.250.129 | 192.168.2.13

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 16, 2025 02:41:25.959719896 CET | 192.168.2.13 | 8.8.8.8 | 0xec75 | Standard query (0) | stun.l.google.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 16, 2025 02:41:25.974513054 CET | 8.8.8.8 | 192.168.2.13 | 0xec75 | No error (0) | stun.l.google.com | | 74.125.250.129 | A (IP address) | IN (0x0001) | false

            System Behavior

            Start time (UTC):01:41:23
            Start date (UTC):16/03/2025
            Path:/tmp/mpsl.elf
            Arguments:-
            File size:5773336 bytes
            MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9