Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/mpsl.elf

URLs

Name

Malicious

https://root_senpai.selly.store/

unknown

https://bugs.launchpad.net/ubuntu/

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

209.200.246.150

unknown

United States

Details

IP:	209.200.246.150
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	15244
ASN name:	ADDD2NET-INCUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f77f44b0000

page execute read

7ffd4f9fe000

page execute read

5558bf9e5000

page read and write

5558c2e97000

page read and write

7f77f4500000

page read and write

5558bf75d000

page execute read

7f787a779000

page read and write

7f787b06c000

page read and write

7f787ab1a000

page read and write

7f787b1e2000

page read and write

5558bf9ef000

page read and write

7ffd4f8d7000

page read and write

7f7874021000

page read and write

7f787b19d000

page read and write

7f787a4bb000

page read and write

7f787ae8b000

page read and write

7f7874000000

page read and write

7f787ab3d000

page read and write

7f7879cb3000

page read and write

7f787b195000

page read and write

5558c19ed000

page execute and read and write

7f787a4c9000

page read and write

7f77f44ca000

page read and write

7f787ab5a000

page read and write

5558c1a04000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
mpsl.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmpsl.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
mpsl.elf