Linux Analysis Report
mpsl.elf

Overview

General Information

Sample name:mpsl.elf
Analysis ID:1644165
MD5:42099d0a633a730e00959e7f1cf5905f
SHA1:2cc052208371bf0532f4229029984bd3f1d5e0b6
SHA256:f31e08f9194938659c9ce874e17cefa47707abbca66dba37c10b0f550e927f0d
Tags:elf, user-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Contains symbols with names commonly found in malware
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample and/or dropped files contains symbols with suspicious names
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1644165
Start date and time:2025-03-20 12:17:23 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 41s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:mpsl.elf
Detection:MAL
Classification:mal76.troj.linELF@0/0@1/0
Command:/tmp/mpsl.elf
PID:5539
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
srolangvan.com
Standard Error:
  • system is lnxubuntu20
  • mpsl.elf (PID: 5539, Parent: 5457, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/mpsl.elf
    • mpsl.elf New Fork (PID: 5541, Parent: 5539)
      • mpsl.elf New Fork (PID: 5547, Parent: 5541)
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
mpsl.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
mpsl.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
    Source | Rule | Description | Author | Strings
    5539.1.00007fc078400000.00007fc078414000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
    Process Memory Space: mpsl.elf PID: 5539 | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
    No Suricata rule has matched

    AV Detection

    Source: mpsl.elf | Avira: detected
    Source: mpsl.elf | ReversingLabs: Detection: 47%
    Source: global traffic | TCP traffic: 192.168.2.14:39278 -> 103.142.27.125:56999
    Source: /tmp/mpsl.elf (PID: 5539) | Socket: 127.0.0.1:46157
    Source: global traffic | DNS traffic detected: DNS query: srolangvan.com

    System Summary

    Source: mpsl.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5539.1.00007fc078400000.00007fc078414000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: mpsl.elf PID: 5539, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: ELF static info symbol of initial sample | Name: attack.c
    Source: ELF static info symbol of initial sample | Name: attack_get_opt_int
    Source: ELF static info symbol of initial sample | Name: attack_get_opt_ip
    Source: ELF static info symbol of initial sample | Name: attack_init
    Source: ELF static info symbol of initial sample | Name: attack_kill_all
    Source: ELF static info symbol of initial sample | Name: attack_method_nudp
    Source: ELF static info symbol of initial sample | Name: attack_method_stdhex
    Source: ELF static info symbol of initial sample | Name: attack_method_tcp
    Source: ELF static info symbol of initial sample | Name: attack_ongoing
    Source: ELF static info symbol of initial sample | Name: attack_parse
    Source: mpsl.elf | ELF static info symbol of initial sample: hexPayload
    Source: mpsl.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5539.1.00007fc078400000.00007fc078414000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: mpsl.elf PID: 5539, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: classification engine | Classification label: mal76.troj.linELF@0/0@1/0
    Source: /tmp/mpsl.elf (PID: 5539) | Queries kernel information via 'uname'
    Source: mpsl.elf, 5539.1.0000563a1b30b000.0000563a1b392000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/mipsel
    Source: mpsl.elf, 5539.1.00007ffd71f84000.00007ffd71fa5000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mpsl.elf
    Source: mpsl.elf, 5539.1.0000563a1b30b000.0000563a1b392000.rw-.sdmp | Binary or memory string: :V!/etc/qemu-binfmt/mipsel
    Source: mpsl.elf, 5539.1.00007ffd71f84000.00007ffd71fa5000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-mipsel

    Stealing of Sensitive Information

    Source: Yara match | File source: mpsl.elf, type: SAMPLE

    Remote Access Functionality

    Source: Yara match | File source: mpsl.elf, type: SAMPLE
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    No configs have been found
    [Behavior graph, ID 1644165: sample mpsl.elf, start date 20/03/2025, architecture LINUX, score 76; process chain mpsl.elf started mpsl.elf started mpsl.elf; network node srolangvan.com, 103.142.27.125, 39278, 56999, WEBICO-AS-VNWebicoCompanyLimitedVN, Viet Nam]

    Source | Detection | Scanner | Label | Link
    mpsl.elf | 47% | ReversingLabs | Linux.Backdoor.Mirai |
    mpsl.elf | 100% | Avira | EXP/ELF.Mirai.J |
    No Antivirus matches


    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    srolangvan.com | 103.142.27.125 | true | false | | high

    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    103.142.27.125 | srolangvan.com | Viet Nam | | 135951 | WEBICO-AS-VNWebicoCompanyLimitedVN | false
          No created / dropped files found
          File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
          Entropy (8bit):5.61743343266812
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:mpsl.elf
          File size:104'082 bytes
          MD5:42099d0a633a730e00959e7f1cf5905f
          SHA1:2cc052208371bf0532f4229029984bd3f1d5e0b6
          SHA256:f31e08f9194938659c9ce874e17cefa47707abbca66dba37c10b0f550e927f0d
          SHA512:3424e141610c34b68c22f01b59203ce8763177b15886499737fab4020a3a3c9315e56c435146ab2b88e7ea2dc1e38a86bd171a9230e92291c71b94b88c180b6e
          SSDEEP:1536:5KJXZaFiGDUFVnzFxCflRsPhwjB2XQIPbDHft3v5dIxGw3FWrTWoSxZdS:5KJJ2ZDIVnR8RYKjUDH9IxGoYrTSq
          TLSH:C4A33C07BFA10FFBDC4BCD3702DA4B11148DE95A23926726B138DE6CB65728E19D3864

          ELF header

          Class:ELF32
          Data:2's complement, little endian
          Version:1 (current)
          Machine:MIPS R3000
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x400290
          Flags:0x1007
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:4
          Section Header Offset:86056
          Section Header Size:40
          Number of Section Headers:19
          Header String Table Index:16
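          Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
           | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
          .init | PROGBITS | 0x4000b4 | 0xb4 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4
          .text | PROGBITS | 0x400140 | 0x140 | 0x12b20 | 0x0 | 0x6 | AX | 0 | 0 | 16
          .fini | PROGBITS | 0x412c60 | 0x12c60 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4
          .rodata | PROGBITS | 0x412cc0 | 0x12cc0 | 0x1160 | 0x0 | 0x2 | A | 0 | 0 | 16
          .eh_frame | PROGBITS | 0x424000 | 0x14000 | 0x44 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .tbss | NOBITS | 0x424044 | 0x14044 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4
          .ctors | PROGBITS | 0x424044 | 0x14044 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .dtors | PROGBITS | 0x42404c | 0x1404c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .jcr | PROGBITS | 0x424054 | 0x14054 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .data | PROGBITS | 0x424060 | 0x14060 | 0x254 | 0x0 | 0x3 | WA | 0 | 0 | 16
          .got | PROGBITS | 0x4242c0 | 0x142c0 | 0x460 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16
          .sbss | NOBITS | 0x424720 | 0x14720 | 0x34 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4
          .bss | NOBITS | 0x424760 | 0x14720 | 0x2f30 | 0x0 | 0x3 | WA | 0 | 0 | 16
          .comment | PROGBITS | 0x0 | 0x14720 | 0x882 | 0x0 | 0x0 | | 0 | 0 | 1
          .mdebug.abi32 | PROGBITS | 0x882 | 0x14fa2 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1
          .shstrtab | STRTAB | 0x0 | 0x14fa2 | 0x85 | 0x0 | 0x0 | | 0 | 0 | 1
          .symtab | SYMTAB | 0x0 | 0x15320 | 0x2680 | 0x10 | 0x0 | | 18 | 228 | 4
          .strtab | STRTAB | 0x0 | 0x179a0 | 0x1cf2 | 0x0 | 0x0 | | 0 | 0 | 1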
          Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
          LOAD | 0x0 | 0x400000 | 0x400000 | 0x13e20 | 0x13e20 | 5.4912 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
          LOAD | 0x14000 | 0x424000 | 0x424000 | 0x720 | 0x3690 | 4.3639 | 0x6 | RW | 0x10000 | | .eh_frame .tbss .ctors .dtors .jcr .data .got .sbss .bss
          TLS | 0x14044 | 0x424044 | 0x424044 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | | .tbss
          GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |
          Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx
           | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
           | | | .symtab | 0x4000b4 | 0 | SECTION | <unknown> | DEFAULT | 1
           | | | .symtab | 0x400140 | 0 | SECTION | <unknown> | DEFAULT | 2
           | | | .symtab | 0x412c60 | 0 | SECTION | <unknown> | DEFAULT | 3
           | | | .symtab | 0x412cc0 | 0 | SECTION | <unknown> | DEFAULT | 4
           | | | .symtab | 0x424000 | 0 | SECTION | <unknown> | DEFAULT | 5
           | | | .symtab | 0x424044 | 0 | SECTION | <unknown> | DEFAULT | 6
           | | | .symtab | 0x424044 | 0 | SECTION | <unknown> | DEFAULT | 7
           | | | .symtab | 0x42404c | 0 | SECTION | <unknown> | DEFAULT | 8
           | | | .symtab | 0x424054 | 0 | SECTION | <unknown> | DEFAULT | 9
           | | | .symtab | 0x424060 | 0 | SECTION | <unknown> | DEFAULT | 10
           | | | .symtab | 0x4242c0 | 0 | SECTION | <unknown> | DEFAULT | 11
           | | | .symtab | 0x424720 | 0 | SECTION | <unknown> | DEFAULT | 12
           | | | .symtab | 0x424760 | 0 | SECTION | <unknown> | DEFAULT | 13
           | | | .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 14
           | | | .symtab | 0x882 | 0 | SECTION | <unknown> | DEFAULT | 15
          C.1.5091 | | | .symtab | 0x413620 | 24 | OBJECT | <unknown> | DEFAULT | 4
          C.3.5380 | | | .symtab | 0x413a9c | 12 | OBJECT | <unknown> | DEFAULT | 4
          C.3.6114 | | | .symtab | 0x413de8 | 12 | OBJECT | <unknown> | DEFAULT | 4
          C.3.6172 | | | .symtab | 0x413dc0 | 12 | OBJECT | <unknown> | DEFAULT | 4
          C.4.6115 | | | .symtab | 0x413ddc | 12 | OBJECT | <unknown> | DEFAULT | 4
          C.5.6123 | | | .symtab | 0x413dd0 | 12 | OBJECT | <unknown> | DEFAULT | 4
          C.6.5518 | | | .symtab | 0x413a90 | 12 | OBJECT | <unknown> | DEFAULT | 4
          FRAMESZ | | | .symtab | 0x20 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS
          GPOFF | | | .symtab | 0x18 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS
          LOCALSZ | | | .symtab | 0x3 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS
          LOCAL_ADDR | | | .symtab | 0x424720 | 4 | OBJECT | <unknown> | DEFAULT | 12
          RAOFF | | | .symtab | 0x1c | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS
          V0OFF | | | .symtab | 0x14 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS
          _Exit | | | .symtab | 0x40f0f0 | 76 | FUNC | <unknown> | DEFAULT | 2
          _GLOBAL_OFFSET_TABLE_ | | | .symtab | 0x4242c0 | 0 | OBJECT | <unknown> | DEFAULT | 11
          _Jv_RegisterClasses | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
          _READ.c | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
          _WRITE.c | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
          __CTOR_END__ | | | .symtab | 0x424048 | 0 | OBJECT | <unknown> | DEFAULT | 7
          __CTOR_LIST__ | | | .symtab | 0x424044 | 0 | OBJECT | <unknown> | DEFAULT | 7
          __C_ctype_b | | | .symtab | 0x4241ac | 4 | OBJECT | <unknown> | DEFAULT | 10
          __C_ctype_b.c | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
          __C_ctype_b_data | | | .symtab | 0x413ac0 | 768 | OBJECT | <unknown> | DEFAULT | 4
          __DTOR_END__ | | | .symtab | 0x424050 | 0 | OBJECT | <unknown> | DEFAULT | 8
          __DTOR_LIST__ | | | .symtab | 0x42404c | 0 | OBJECT | <unknown> | DEFAULT | 8
          __EH_FRAME_BEGIN__ | | | .symtab | 0x424000 | 0 | OBJECT | <unknown> | DEFAULT | 5
          __FRAME_END__ | | | .symtab | 0x424040 | 0 | OBJECT | <unknown> | DEFAULT | 5
          __GI___C_ctype_b | | | .symtab | 0x4241ac | 4 | OBJECT | <unknown> | HIDDEN | 10
          __GI___close | | | .symtab | 0x40e3cc | 176 | FUNC | <unknown> | HIDDEN | 2
          __GI___close_nocancel | | | .symtab | 0x40e3a4 | 40 | FUNC | <unknown> | HIDDEN | 2
          __GI___ctype_b | | | .symtab | 0x4241b0 | 4 | OBJECT | <unknown> | HIDDEN | 10
          __GI___errno_location | | | .symtab | 0x40a7e0 | 28 | FUNC | <unknown> | HIDDEN | 2
          __GI___fcntl_nocancel | | | .symtab | 0x409dd0 | 108 | FUNC | <unknown> | HIDDEN | 2
          __GI___fgetc_unlocked | | | .symtab | 0x4112b0 | 388 | FUNC | <unknown> | HIDDEN | 2
          __GI___libc_close | | | .symtab | 0x40e3cc | 176 | FUNC | <unknown> | HIDDEN | 2
          __GI___libc_fcntl | | | .symtab | 0x409e3c | 268 | FUNC | <unknown> | HIDDEN | 2
          __GI___libc_open | | | .symtab | 0x40e4bc | 192 | FUNC | <unknown> | HIDDEN | 2
          __GI___libc_read | | | .symtab | 0x40e6bc | 192 | FUNC | <unknown> | HIDDEN | 2
          __GI___libc_write | | | .symtab | 0x40e5bc | 192 | FUNC | <unknown> | HIDDEN | 2
          __GI___open | | | .symtab | 0x40e4bc | 192 | FUNC | <unknown> | HIDDEN | 2
          __GI___open_nocancel | | | .symtab | 0x40e494 | 40 | FUNC | <unknown> | HIDDEN | 2
          __GI___read | | | .symtab | 0x40e6bc | 192 | FUNC | <unknown> | HIDDEN | 2
          __GI___read_nocancel.symtab0x40e69440FUNC<unknown>HIDDEN2
          __GI___sigaddset.symtab0x40b52844FUNC<unknown>HIDDEN2
          __GI___sigdelset.symtab0x40b55448FUNC<unknown>HIDDEN2
          __GI___sigismember.symtab0x40b50040FUNC<unknown>HIDDEN2
          __GI___uClibc_fini.symtab0x40e930204FUNC<unknown>HIDDEN2
          __GI___uClibc_init.symtab0x40ea84120FUNC<unknown>HIDDEN2
          __GI___write.symtab0x40e5bc192FUNC<unknown>HIDDEN2
          __GI___write_nocancel.symtab0x40e59440FUNC<unknown>HIDDEN2
          __GI__exit.symtab0x40f0f076FUNC<unknown>HIDDEN2
          __GI_abort.symtab0x40ccf0408FUNC<unknown>HIDDEN2
          __GI_accept.symtab0x40aa4c220FUNC<unknown>HIDDEN2
          __GI_bind.symtab0x40ab3060FUNC<unknown>HIDDEN2
          __GI_brk.symtab0x4123f080FUNC<unknown>HIDDEN2
          __GI_close.symtab0x40e3cc176FUNC<unknown>HIDDEN2
          __GI_closedir.symtab0x40a2b0292FUNC<unknown>HIDDEN2
          __GI_config_close.symtab0x40fe04132FUNC<unknown>HIDDEN2
          __GI_config_open.symtab0x40fe88116FUNC<unknown>HIDDEN2
          __GI_config_read.symtab0x40f9401220FUNC<unknown>HIDDEN2
          __GI_connect.symtab0x40abac220FUNC<unknown>HIDDEN2
          __GI_exit.symtab0x40d610240FUNC<unknown>HIDDEN2
          __GI_fclose.symtab0x40ff00804FUNC<unknown>HIDDEN2
          __GI_fcntl.symtab0x409e3c268FUNC<unknown>HIDDEN2
          __GI_fflush_unlocked.symtab0x410ef8940FUNC<unknown>HIDDEN2
          __GI_fgetc.symtab0x4109b0372FUNC<unknown>HIDDEN2
          __GI_fgetc_unlocked.symtab0x4112b0388FUNC<unknown>HIDDEN2
          __GI_fgets.symtab0x410b30320FUNC<unknown>HIDDEN2
          __GI_fgets_unlocked.symtab0x411440276FUNC<unknown>HIDDEN2
          __GI_fopen.symtab0x41023028FUNC<unknown>HIDDEN2
          __GI_fork.symtab0x40dc20988FUNC<unknown>HIDDEN2
          __GI_fstat.symtab0x40f140136FUNC<unknown>HIDDEN2
          __GI_getc_unlocked.symtab0x4112b0388FUNC<unknown>HIDDEN2
          __GI_getdtablesize.symtab0x40f2e072FUNC<unknown>HIDDEN2
          __GI_getegid.symtab0x40f33016FUNC<unknown>HIDDEN2
          __GI_geteuid.symtab0x40f34016FUNC<unknown>HIDDEN2
          __GI_getgid.symtab0x40f35016FUNC<unknown>HIDDEN2
          __GI_getpagesize.symtab0x40f36048FUNC<unknown>HIDDEN2
          __GI_getpid.symtab0x40e00084FUNC<unknown>HIDDEN2
          __GI_getrlimit.symtab0x40f39060FUNC<unknown>HIDDEN2
          __GI_getsockname.symtab0x40ac9060FUNC<unknown>HIDDEN2
          __GI_getuid.symtab0x40f3d016FUNC<unknown>HIDDEN2
          __GI_inet_addr.symtab0x40a9c072FUNC<unknown>HIDDEN2
          __GI_inet_aton.symtab0x411e80284FUNC<unknown>HIDDEN2
          __GI_initstate_r.symtab0x40d3cc300FUNC<unknown>HIDDEN2
          __GI_ioctl.symtab0x4124c0248FUNC<unknown>HIDDEN2
          __GI_isatty.symtab0x411d9060FUNC<unknown>HIDDEN2
          __GI_kill.symtab0x409f6056FUNC<unknown>HIDDEN2
          __GI_listen.symtab0x40ad3060FUNC<unknown>HIDDEN2
          __GI_lseek64.symtab0x412b60136FUNC<unknown>HIDDEN2
          __GI_memcpy.symtab0x411560308FUNC<unknown>HIDDEN2
          __GI_memmove.symtab0x4116a0824FUNC<unknown>HIDDEN2
          __GI_mempcpy.symtab0x412ab076FUNC<unknown>HIDDEN2
          __GI_memset.symtab0x40a870144FUNC<unknown>HIDDEN2
          __GI_mmap.symtab0x40ef70112FUNC<unknown>HIDDEN2
          __GI_mremap.symtab0x40f3e096FUNC<unknown>HIDDEN2
          __GI_munmap.symtab0x40f44060FUNC<unknown>HIDDEN2
          __GI_nanosleep.symtab0x40f4bc200FUNC<unknown>HIDDEN2
          __GI_open.symtab0x40e4bc192FUNC<unknown>HIDDEN2
          __GI_opendir.symtab0x40a4f4240FUNC<unknown>HIDDEN2
          __GI_raise.symtab0x40e060264FUNC<unknown>HIDDEN2
          __GI_random.symtab0x40ceb0164FUNC<unknown>HIDDEN2
          __GI_random_r.symtab0x40d190172FUNC<unknown>HIDDEN2
          __GI_read.symtab0x40e6bc192FUNC<unknown>HIDDEN2
          __GI_readdir.symtab0x40a6d0264FUNC<unknown>HIDDEN2
          __GI_readdir64.symtab0x40f830272FUNC<unknown>HIDDEN2
          __GI_readlink.symtab0x40a00060FUNC<unknown>HIDDEN2
          __GI_recv.symtab0x40adac240FUNC<unknown>HIDDEN2
          __GI_recvfrom.symtab0x40af10280FUNC<unknown>HIDDEN2
          __GI_sbrk.symtab0x40f590164FUNC<unknown>HIDDEN2
          __GI_select.symtab0x40a0a0260FUNC<unknown>HIDDEN2
          __GI_send.symtab0x40b06c240FUNC<unknown>HIDDEN2
          __GI_sendto.symtab0x40b1d0280FUNC<unknown>HIDDEN2
          __GI_setsid.symtab0x40a1b060FUNC<unknown>HIDDEN2
          __GI_setsockopt.symtab0x40b2f096FUNC<unknown>HIDDEN2
          __GI_setstate_r.symtab0x40d4f8272FUNC<unknown>HIDDEN2
          __GI_sigaction.symtab0x40efe028FUNC<unknown>HIDDEN2
          __GI_sigaddset.symtab0x40b39076FUNC<unknown>HIDDEN2
          __GI_sigemptyset.symtab0x40b3e036FUNC<unknown>HIDDEN2
          __GI_signal.symtab0x40b410228FUNC<unknown>HIDDEN2
          __GI_sigprocmask.symtab0x40a1f0176FUNC<unknown>HIDDEN2
          __GI_sleep.symtab0x40e170404FUNC<unknown>HIDDEN2
          __GI_socket.symtab0x40b35060FUNC<unknown>HIDDEN2
          __GI_srandom_r.symtab0x40d23c400FUNC<unknown>HIDDEN2
          __GI_strchr.symtab0x4119e0248FUNC<unknown>HIDDEN2
          __GI_strchrnul.symtab0x411ae0248FUNC<unknown>HIDDEN2
          __GI_strcmp.symtab0x411be044FUNC<unknown>HIDDEN2
          __GI_strcoll.symtab0x411be044FUNC<unknown>HIDDEN2
          __GI_strcspn.symtab0x411c10144FUNC<unknown>HIDDEN2
          __GI_strlen.symtab0x40a900184FUNC<unknown>HIDDEN2
          __GI_strrchr.symtab0x411ca0160FUNC<unknown>HIDDEN2
          __GI_strspn.symtab0x411d4072FUNC<unknown>HIDDEN2
          __GI_sysconf.symtab0x40d8fc792FUNC<unknown>HIDDEN2
          __GI_tcgetattr.symtab0x411dd0176FUNC<unknown>HIDDEN2
          __GI_time.symtab0x40a2a016FUNC<unknown>HIDDEN2
          __GI_times.symtab0x40f64016FUNC<unknown>HIDDEN2
          __GI_write.symtab0x40e5bc192FUNC<unknown>HIDDEN2
          __JCR_END__.symtab0x4240540OBJECT<unknown>DEFAULT9
          __JCR_LIST__.symtab0x4240540OBJECT<unknown>DEFAULT9
          __app_fini.symtab0x424d3c4OBJECT<unknown>HIDDEN13
          __atexit_lock.symtab0x42418024OBJECT<unknown>DEFAULT10
          __bss_start.symtab0x4247200NOTYPE<unknown>DEFAULTSHN_ABS
          __check_one_fd.symtab0x40e9fc136FUNC<unknown>DEFAULT2
          __close.symtab0x40e3cc176FUNC<unknown>DEFAULT2
          __close_nocancel.symtab0x40e3a440FUNC<unknown>DEFAULT2
          __ctype_b.symtab0x4241b04OBJECT<unknown>DEFAULT10
          __curbrk.symtab0x4272b04OBJECT<unknown>HIDDEN13
          __deregister_frame_info.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
          __do_global_ctors_aux.symtab0x412bf00FUNC<unknown>DEFAULT2
          __do_global_dtors_aux.symtab0x4001400FUNC<unknown>DEFAULT2
          __environ.symtab0x424d344OBJECT<unknown>DEFAULT13
          __errno_location.symtab0x40a7e028FUNC<unknown>DEFAULT2
          __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __exit_cleanup.symtab0x4247d04OBJECT<unknown>HIDDEN13
          __fcntl_nocancel.symtab0x409dd0108FUNC<unknown>DEFAULT2
          __fgetc_unlocked.symtab0x4112b0388FUNC<unknown>DEFAULT2
          __fini_array_end.symtab0x4240440NOTYPE<unknown>HIDDEN6
          __fini_array_start.symtab0x4240440NOTYPE<unknown>HIDDEN6
          __fork.symtab0x40dc20988FUNC<unknown>DEFAULT2
          __fork_generation_pointer.symtab0x4247244OBJECT<unknown>HIDDEN12
          __fork_handlers.symtab0x4247284OBJECT<unknown>HIDDEN12
          __fork_lock.symtab0x4247e04OBJECT<unknown>HIDDEN13
          __getdents.symtab0x40f1d0268FUNC<unknown>HIDDEN2
          __getdents64.symtab0x4125c0436FUNC<unknown>HIDDEN2
          __getpagesize.symtab0x40f36048FUNC<unknown>DEFAULT2
          __getpid.symtab0x40e00084FUNC<unknown>DEFAULT2
          __h_errno_location.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
          __init_array_end.symtab0x4240440NOTYPE<unknown>HIDDEN6
          __init_array_start.symtab0x4240440NOTYPE<unknown>HIDDEN6
          __libc_accept.symtab0x40aa4c220FUNC<unknown>DEFAULT2
          __libc_close.symtab0x40e3cc176FUNC<unknown>DEFAULT2
          __libc_connect.symtab0x40abac220FUNC<unknown>DEFAULT2
          __libc_disable_asynccancel.symtab0x40e780136FUNC<unknown>HIDDEN2
          __libc_enable_asynccancel.symtab0x40e808220FUNC<unknown>HIDDEN2
          __libc_errno.symtab0x04TLS<unknown>HIDDEN6
          __libc_fcntl.symtab0x409e3c268FUNC<unknown>DEFAULT2
          __libc_fork.symtab0x40dc20988FUNC<unknown>DEFAULT2
          __libc_h_errno.symtab0x44TLS<unknown>HIDDEN6
          __libc_nanosleep.symtab0x40f4bc200FUNC<unknown>DEFAULT2
          __libc_open.symtab0x40e4bc192FUNC<unknown>DEFAULT2
          __libc_read.symtab0x40e6bc192FUNC<unknown>DEFAULT2
          __libc_recv.symtab0x40adac240FUNC<unknown>DEFAULT2
          __libc_recvfrom.symtab0x40af10280FUNC<unknown>DEFAULT2
          __libc_select.symtab0x40a0a0260FUNC<unknown>DEFAULT2
          __libc_send.symtab0x40b06c240FUNC<unknown>DEFAULT2
          __libc_sendto.symtab0x40b1d0280FUNC<unknown>DEFAULT2
          __libc_setup_tls.symtab0x412078660FUNC<unknown>DEFAULT2
          __libc_sigaction.symtab0x40efe028FUNC<unknown>DEFAULT2
          __libc_stack_end.symtab0x424d304OBJECT<unknown>DEFAULT13
          __libc_write.symtab0x40e5bc192FUNC<unknown>DEFAULT2
          __lll_lock_wait_private.symtab0x40e310120FUNC<unknown>HIDDEN2
          __malloc_consolidate.symtab0x40c7f4520FUNC<unknown>HIDDEN2
          __malloc_largebin_index.symtab0x40b590140FUNC<unknown>DEFAULT2
          __malloc_lock.symtab0x42408024OBJECT<unknown>DEFAULT10
          __malloc_state.symtab0x427318888OBJECT<unknown>DEFAULT13
          __malloc_trim.symtab0x40c6d0292FUNC<unknown>DEFAULT2
          __nptl_deallocate_tsd.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
          __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
          __open.symtab0x40e4bc192FUNC<unknown>DEFAULT2
          __open_nocancel.symtab0x40e49440FUNC<unknown>DEFAULT2
          __pagesize.symtab0x424d384OBJECT<unknown>DEFAULT13
          __preinit_array_end.symtab0x4240440NOTYPE<unknown>HIDDEN6
          __preinit_array_start.symtab0x4240440NOTYPE<unknown>HIDDEN6
          __progname.symtab0x4241a44OBJECT<unknown>DEFAULT10
          __progname_full.symtab0x4241a84OBJECT<unknown>DEFAULT10
          __pthread_initialize_minimal.symtab0x41230c28FUNC<unknown>DEFAULT2
          __pthread_mutex_init.symtab0x40e8f88FUNC<unknown>DEFAULT2
          __pthread_mutex_lock.symtab0x40e8f08FUNC<unknown>DEFAULT2
          __pthread_mutex_trylock.symtab0x40e8f08FUNC<unknown>DEFAULT2
          __pthread_mutex_unlock.symtab0x40e8f08FUNC<unknown>DEFAULT2
          __pthread_return_0.symtab0x40e8f08FUNC<unknown>DEFAULT2
          __pthread_unwind.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
          __read.symtab0x40e6bc192FUNC<unknown>DEFAULT2
          __read_nocancel.symtab0x40e69440FUNC<unknown>DEFAULT2
          __register_frame_info.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
          __rtld_fini.symtab0x424d404OBJECT<unknown>HIDDEN13
          __sigaddset.symtab0x40b52844FUNC<unknown>DEFAULT2
          __sigdelset.symtab0x40b55448FUNC<unknown>DEFAULT2
          __sigismember.symtab0x40b50040FUNC<unknown>DEFAULT2
          __sigjmp_save.symtab0x412b0096FUNC<unknown>HIDDEN2
          __sigsetjmp.symtab0x40f02036FUNC<unknown>DEFAULT2
          __sigsetjmp_aux.symtab0x412440128FUNC<unknown>DEFAULT2
          __start.symtab0x400290100FUNC<unknown>DEFAULT2
          __stdin.symtab0x4241dc4OBJECT<unknown>DEFAULT10
          __stdio_READ.symtab0x412780144FUNC<unknown>HIDDEN2
          __stdio_WRITE.symtab0x412810344FUNC<unknown>HIDDEN2
          __stdio_rfill.symtab0x41297088FUNC<unknown>HIDDEN2
          __stdio_trans2r_o.symtab0x4129d0220FUNC<unknown>HIDDEN2
          __stdio_wcommit.symtab0x410940100FUNC<unknown>HIDDEN2
          __stdout.symtab0x4241e04OBJECT<unknown>DEFAULT10
          __sys_accept.symtab0x40aa1060FUNC<unknown>DEFAULT2
          __sys_connect.symtab0x40ab7060FUNC<unknown>DEFAULT2
          __sys_recv.symtab0x40ad7060FUNC<unknown>DEFAULT2
          __sys_recvfrom.symtab0x40aea0112FUNC<unknown>DEFAULT2
          __sys_send.symtab0x40b03060FUNC<unknown>DEFAULT2
          __sys_sendto.symtab0x40b160112FUNC<unknown>DEFAULT2
          __syscall_error.symtab0x40f05092FUNC<unknown>DEFAULT2
          __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __syscall_nanosleep.symtab0x40f48060FUNC<unknown>DEFAULT2
          __syscall_rt_sigaction.symtab0x40f0b060FUNC<unknown>DEFAULT2
          __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __syscall_select.symtab0x40a04096FUNC<unknown>DEFAULT2
          __tls_get_addr.symtab0x41205832FUNC<unknown>DEFAULT2
          __uClibc_fini.symtab0x40e930204FUNC<unknown>DEFAULT2
          __uClibc_init.symtab0x40ea84120FUNC<unknown>DEFAULT2
          __uClibc_main.symtab0x40eafc1132FUNC<unknown>DEFAULT2
          __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __uclibc_progname.symtab0x4241a04OBJECT<unknown>HIDDEN10
          __write.symtab0x40e5bc192FUNC<unknown>DEFAULT2
          __write_nocancel.symtab0x40e59440FUNC<unknown>DEFAULT2
          __xstat32_conv.symtab0x40f748220FUNC<unknown>HIDDEN2
          __xstat64_conv.symtab0x40f650248FUNC<unknown>HIDDEN2
          _dl_aux_init.symtab0x41233040FUNC<unknown>DEFAULT2
          _dl_nothread_init_static_tls.symtab0x412358148FUNC<unknown>HIDDEN2
          _dl_phdr.symtab0x42474c4OBJECT<unknown>DEFAULT12
          _dl_phnum.symtab0x4247504OBJECT<unknown>DEFAULT12
          _dl_tls_dtv_gaps.symtab0x4247401OBJECT<unknown>DEFAULT12
          _dl_tls_dtv_slotinfo_list.symtab0x42473c4OBJECT<unknown>DEFAULT12
          _dl_tls_generation.symtab0x4247444OBJECT<unknown>DEFAULT12
          _dl_tls_max_dtv_idx.symtab0x4247344OBJECT<unknown>DEFAULT12
          _dl_tls_setup.symtab0x411ff4100FUNC<unknown>DEFAULT2
          _dl_tls_static_align.symtab0x4247304OBJECT<unknown>DEFAULT12
          _dl_tls_static_nelem.symtab0x4247484OBJECT<unknown>DEFAULT12
          _dl_tls_static_size.symtab0x4247384OBJECT<unknown>DEFAULT12
          _dl_tls_static_used.symtab0x42472c4OBJECT<unknown>DEFAULT12
          _edata.symtab0x4247200NOTYPE<unknown>DEFAULTSHN_ABS
          _end.symtab0x4276900NOTYPE<unknown>DEFAULTSHN_ABS
          _exit.symtab0x40f0f076FUNC<unknown>DEFAULT2
          _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _fbss.symtab0x4247200NOTYPE<unknown>DEFAULTSHN_ABS
          _fdata.symtab0x4240600NOTYPE<unknown>DEFAULT10
          _fini.symtab0x412c6028FUNC<unknown>DEFAULT3
          _fixed_buffers.symtab0x424d708192OBJECT<unknown>DEFAULT13
          _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _ftext.symtab0x4001400NOTYPE<unknown>DEFAULT2
          _gp.symtab0x42c2b00NOTYPE<unknown>DEFAULTSHN_ABS
          _gp_disp.symtab0x00OBJECT<unknown>DEFAULTSHN_UNDEF
          _init.symtab0x4000b428FUNC<unknown>DEFAULT1
          _pthread_cleanup_pop_restore.symtab0x40e90c36FUNC<unknown>DEFAULT2
          _pthread_cleanup_push_defer.symtab0x40e90012FUNC<unknown>DEFAULT2
          _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _setjmp.symtab0x40f00028FUNC<unknown>DEFAULT2
          _sigintr.symtab0x42730816OBJECT<unknown>HIDDEN13
          _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _stdio_fopen.symtab0x4102501168FUNC<unknown>HIDDEN2
          _stdio_init.symtab0x4106e0184FUNC<unknown>HIDDEN2
          _stdio_openlist.symtab0x4241e44OBJECT<unknown>DEFAULT10
          _stdio_openlist_add_lock.symtab0x424d5012OBJECT<unknown>DEFAULT13
          _stdio_openlist_dec_use.symtab0x410c70648FUNC<unknown>HIDDEN2
          _stdio_openlist_del_count.symtab0x424d6c4OBJECT<unknown>DEFAULT13
          _stdio_openlist_del_lock.symtab0x424d5c12OBJECT<unknown>DEFAULT13
          _stdio_openlist_use_count.symtab0x424d684OBJECT<unknown>DEFAULT13
          _stdio_streams.symtab0x4241e8204OBJECT<unknown>DEFAULT10
          _stdio_term.symtab0x410798416FUNC<unknown>HIDDEN2
          _stdio_user_locking.symtab0x4241c04OBJECT<unknown>DEFAULT10
          _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          abort.symtab0x40ccf0408FUNC<unknown>DEFAULT2
          abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          accept.symtab0x40aa4c220FUNC<unknown>DEFAULT2
          accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          anti_gdb_entry.symtab0x4071b432FUNC<unknown>DEFAULT2
          attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          attack_get_opt_int.symtab0x4009f0116FUNC<unknown>DEFAULT2
          attack_get_opt_ip.symtab0x40097c116FUNC<unknown>DEFAULT2
          attack_init.symtab0x400a641220FUNC<unknown>DEFAULT2
          attack_kill_all.symtab0x40048c448FUNC<unknown>DEFAULT2
          attack_method_nudp.symtab0x4062342404FUNC<unknown>DEFAULT2
          attack_method_stdhex.symtab0x405dbc1144FUNC<unknown>DEFAULT2
          attack_method_tcp.symtab0x4017dc2200FUNC<unknown>DEFAULT2
          attack_ongoing.symtab0x42478832OBJECT<unknown>DEFAULT13
          attack_parse.symtab0x40064c816FUNC<unknown>DEFAULT2
          attack_start.symtab0x400300396FUNC<unknown>DEFAULT2
          attack_tcp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          attack_tcp_ack.symtab0x4033e02376FUNC<unknown>DEFAULT2
          attack_tcp_legit.symtab0x4046442356FUNC<unknown>DEFAULT2
          attack_tcp_null.symtab0x404f782576FUNC<unknown>DEFAULT2
          attack_tcp_sack2.symtab0x4020742240FUNC<unknown>DEFAULT2
          attack_tcp_stomp.symtab0x4029342732FUNC<unknown>DEFAULT2
          attack_tcp_syn.symtab0x400f282228FUNC<unknown>DEFAULT2
          attack_tcp_syndata.symtab0x403d282332FUNC<unknown>DEFAULT2
          attack_udp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          attack_udp_plain.symtab0x4059901068FUNC<unknown>DEFAULT2
          been_there_done_that.symtab0x4247c04OBJECT<unknown>DEFAULT13
          bind.symtab0x40ab3060FUNC<unknown>DEFAULT2
          bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          brk.symtab0x4123f080FUNC<unknown>DEFAULT2
          brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          bsd_signal.symtab0x40b410228FUNC<unknown>DEFAULT2
          calloc.symtab0x40c0f0344FUNC<unknown>DEFAULT2
          calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          checksum_generic.symtab0x406b9892FUNC<unknown>DEFAULT2
          checksum_tcpudp.symtab0x406bf4176FUNC<unknown>DEFAULT2
          clock.symtab0x40a800108FUNC<unknown>DEFAULT2
          clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          close.symtab0x40e3cc176FUNC<unknown>DEFAULT2
          closedir.symtab0x40a2b0292FUNC<unknown>DEFAULT2
          closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          completed.4786.symtab0x4247601OBJECT<unknown>DEFAULT13
          connect.symtab0x40abac220FUNC<unknown>DEFAULT2
          connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          ensure_single_instance.symtab0x4071d4568FUNC<unknown>DEFAULT2
          environ.symtab0x424d344OBJECT<unknown>DEFAULT13
          errno.symtab0x04TLS<unknown>DEFAULT6
          errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          exit.symtab0x40d610240FUNC<unknown>DEFAULT2
          exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fclose.symtab0x40ff00804FUNC<unknown>DEFAULT2
          fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fcntl.symtab0x409e3c268FUNC<unknown>DEFAULT2
          fd_ctrl.symtab0x4240684OBJECT<unknown>DEFAULT10
          fd_serv.symtab0x42406c4OBJECT<unknown>DEFAULT10
          fd_to_DIR.symtab0x40a3e0276FUNC<unknown>DEFAULT2
          fdopendir.symtab0x40a5e4228FUNC<unknown>DEFAULT2
          fflush_unlocked.symtab0x410ef8940FUNC<unknown>DEFAULT2
          fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fgetc.symtab0x4109b0372FUNC<unknown>DEFAULT2
          fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fgetc_unlocked.symtab0x4112b0388FUNC<unknown>DEFAULT2
          fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fgets.symtab0x410b30320FUNC<unknown>DEFAULT2
          fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fgets_unlocked.symtab0x411440276FUNC<unknown>DEFAULT2
          fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fopen.symtab0x41023028FUNC<unknown>DEFAULT2
          fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fork.symtab0x40dc20988FUNC<unknown>DEFAULT2
          fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fork_handler_pool.symtab0x4247e41348OBJECT<unknown>DEFAULT13
          frame_dummy.symtab0x4001fc0FUNC<unknown>DEFAULT2
          free.symtab0x40c9fc660FUNC<unknown>DEFAULT2
          free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fstat.symtab0x40f140136FUNC<unknown>DEFAULT2
          fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getc.symtab0x4109b0372FUNC<unknown>DEFAULT2
          getc_unlocked.symtab0x4112b0388FUNC<unknown>DEFAULT2
          getdents.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getdtablesize.symtab0x40f2e072FUNC<unknown>DEFAULT2
          getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getegid.symtab0x40f33016FUNC<unknown>DEFAULT2
          getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          geteuid.symtab0x40f34016FUNC<unknown>DEFAULT2
          geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getgid.symtab0x40f35016FUNC<unknown>DEFAULT2
          getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getpagesize.symtab0x40f36048FUNC<unknown>DEFAULT2
          getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getpid.symtab0x40e00084FUNC<unknown>DEFAULT2
          getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getppid.symtab0x409f5016FUNC<unknown>DEFAULT2
          getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getrlimit.symtab0x40f39060FUNC<unknown>DEFAULT2
          getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getsockname.symtab0x40ac9060FUNC<unknown>DEFAULT2
          getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getsockopt.symtab0x40acd096FUNC<unknown>DEFAULT2
          getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getuid.symtab0x40f3d016FUNC<unknown>DEFAULT2
          getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          h_errno.symtab0x44TLS<unknown>DEFAULT6
          hexPayload.symtab0x4240644OBJECT<unknown>DEFAULT10
          hlt.symtab0x4002ec0NOTYPE<unknown>DEFAULT2
          index.symtab0x4119e0248FUNC<unknown>DEFAULT2
          inet_addr.symtab0x40a9c072FUNC<unknown>DEFAULT2
          inet_aton.symtab0x411e80284FUNC<unknown>DEFAULT2
          inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          init_static_tls.symtab0x411fa084FUNC<unknown>DEFAULT2
          initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          initstate.symtab0x40d00c208FUNC<unknown>DEFAULT2
          initstate_r.symtab0x40d3cc300FUNC<unknown>DEFAULT2
          ioctl.symtab0x4124c0248FUNC<unknown>DEFAULT2
          ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          isatty.symtab0x411d9060FUNC<unknown>DEFAULT2
          isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          kill.symtab0x409f6056FUNC<unknown>DEFAULT2
          kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          killer.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          killer_init.symtab0x406f50612FUNC<unknown>DEFAULT2
          killer_kill.symtab0x406ca460FUNC<unknown>DEFAULT2
          killer_kill_by_port.symtab0x408e482372FUNC<unknown>DEFAULT2
          killer_mirai_exists.symtab0x406ce0624FUNC<unknown>DEFAULT2
          killer_pid.symtab0x4247a84OBJECT<unknown>DEFAULT13
          libc-cancellation.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc-lowlevellock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc-tls.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          listen.symtab0x40ad3060FUNC<unknown>DEFAULT2
          listen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          local_bind.4448.symtab0x4240741OBJECT<unknown>DEFAULT10
          lseek64.symtab0x412b60136FUNC<unknown>DEFAULT2
          main.symtab0x4075002824FUNC<unknown>DEFAULT2
          main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          malloc.symtab0x40b61c2764FUNC<unknown>DEFAULT2
          malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          malloc_trim.symtab0x40cc9084FUNC<unknown>DEFAULT2
          memcpy.symtab0x411560308FUNC<unknown>DEFAULT2
          memmove.symtab0x4116a0824FUNC<unknown>DEFAULT2
          memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          mempcpy.symtab0x412ab076FUNC<unknown>DEFAULT2
          mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          memset.symtab0x40a870144FUNC<unknown>DEFAULT2
          methods.symtab0x4247844OBJECT<unknown>DEFAULT13
          methods_len.symtab0x4247801OBJECT<unknown>DEFAULT13
          mmap.symtab0x40ef70112FUNC<unknown>DEFAULT2
          mmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          mremap.symtab0x40f3e096FUNC<unknown>DEFAULT2
          mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          munmap.symtab0x40f44060FUNC<unknown>DEFAULT2
          munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          mylock.symtab0x4240a024OBJECT<unknown>DEFAULT10
          mylock.symtab0x4240c024OBJECT<unknown>DEFAULT10
          nanosleep.symtab0x40f4bc200FUNC<unknown>DEFAULT2
          nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          nprocessors_onln.symtab0x40d700508FUNC<unknown>DEFAULT2
          object.4798.symtab0x42476424OBJECT<unknown>DEFAULT13
          open.symtab0x40e4bc192FUNC<unknown>DEFAULT2
          opendir.symtab0x40a4f4240FUNC<unknown>DEFAULT2
          opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          p.4784.symtab0x4240600OBJECT<unknown>DEFAULT10
          parse_config.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          pending_connection.symtab0x4247ac1OBJECT<unknown>DEFAULT13
          prctl.symtab0x409fa096FUNC<unknown>DEFAULT2
          prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          program_invocation_name.symtab0x4241a84OBJECT<unknown>DEFAULT10
          program_invocation_short_name.symtab0x4241a44OBJECT<unknown>DEFAULT10
          raise.symtab0x40e060264FUNC<unknown>DEFAULT2
          raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          rand.symtab0x40ce9028FUNC<unknown>DEFAULT2
          rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          rand_alphastr.symtab0x408110368FUNC<unknown>DEFAULT2
          rand_init.symtab0x408064172FUNC<unknown>DEFAULT2
          rand_next.symtab0x40800892FUNC<unknown>DEFAULT2
          rand_str.symtab0x408280256FUNC<unknown>DEFAULT2
          random.symtab0x40ceb0164FUNC<unknown>DEFAULT2
          random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          random_poly_info.symtab0x41364040OBJECT<unknown>DEFAULT4
          random_r.symtab0x40d190172FUNC<unknown>DEFAULT2
          random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          randtbl.symtab0x4240d8128OBJECT<unknown>DEFAULT10
          read.symtab0x40e6bc192FUNC<unknown>DEFAULT2
          readdir.symtab0x40a6d0264FUNC<unknown>DEFAULT2
          readdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          readdir64.symtab0x40f830272FUNC<unknown>DEFAULT2
          readdir64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          readlink.symtab0x40a00060FUNC<unknown>DEFAULT2
          readlink.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          realloc.symtab0x40c2501152FUNC<unknown>DEFAULT2
          realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          recv.symtab0x40adac240FUNC<unknown>DEFAULT2


          • Total Packets: 14
          • 56999 undefined
          • 53 (DNS)
          | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
          |---|---|---|---|---|
          | Mar 20, 2025 12:18:26.380646944 CET | 37921 | 53 | 192.168.2.14 | 8.8.8.8 |
          | Mar 20, 2025 12:18:26.481339931 CET | 53 | 37921 | 8.8.8.8 | 192.168.2.14 |

          | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
          |---|---|---|---|---|---|---|---|---|
          | Mar 20, 2025 12:18:26.380646944 CET | 192.168.2.14 | 8.8.8.8 | 0x8b0b | Standard query (0) | srolangvan.com | A (IP address) | IN (0x0001) | false |

          | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
          |---|---|---|---|---|---|---|---|---|---|---|
          | Mar 20, 2025 12:18:26.481339931 CET | 8.8.8.8 | 192.168.2.14 | 0x8b0b | No error (0) | srolangvan.com | | 103.142.27.125 | A (IP address) | IN (0x0001) | false |

          System Behavior

          Start time (UTC):11:18:25
          Start date (UTC):20/03/2025
          Path:/tmp/mpsl.elf
          Arguments:/tmp/mpsl.elf
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

          Start time (UTC):11:18:25
          Start date (UTC):20/03/2025
          Path:/tmp/mpsl.elf
          Arguments:-
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

          Start time (UTC):11:18:25
          Start date (UTC):20/03/2025
          Path:/tmp/mpsl.elf
          Arguments:-
          File size:5773336 bytes
          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9