Malware Analysis Report

2024-12-01 00:52

Sample ID 211025-kceynafhe2
Target 443d08be9f7e57f9e446aa5e357818f3
SHA256 f471f1b5d41bc812c0419152aa4c0a71191ec2e3ae1a825ba07c49541f35b031
Tags
kaiten mirai mirai_x86corona
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f471f1b5d41bc812c0419152aa4c0a71191ec2e3ae1a825ba07c49541f35b031

Threat Level: Known bad

The file 443d08be9f7e57f9e446aa5e357818f3 was found to be: Known bad.

Malicious Activity Summary

kaiten mirai mirai_x86corona

Detected x86corona Mirai Variant

Identified Kaiten Bot

Kaiten family

Mirai family

Mirai_x86corona family

Detect Mirai Payload

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-10-25 08:27

Signatures

Detect Mirai Payload

Description Indicator Process Target
N/A N/A N/A N/A

Detected x86corona Mirai Variant

Description Indicator Process Target
N/A N/A N/A N/A

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Mirai family

mirai

Mirai_x86corona family

mirai_x86corona

Analysis: behavioral2

Detonation Overview

Submitted

2021-10-25 08:27

Reported

2021-10-25 08:32

Platform

debian9-mipsel

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 2.debian.pool.ntp.org udp
US 1.1.1.1:53 2.debian.pool.ntp.org udp
NL 5.79.108.34:123 2.debian.pool.ntp.org udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2021-10-25 08:27

Reported

2021-10-25 08:43

Platform

debian9-mipsbe

Max time network

25s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 2.debian.pool.ntp.org udp
US 1.1.1.1:53 2.debian.pool.ntp.org udp
US 1.1.1.1:53 3.debian.pool.ntp.org udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-10-25 08:27

Reported

2021-10-25 08:52

Platform

ubuntu-amd64

Max time kernel

6381s

Max time network

169s

Command Line

[./443d08be9f7e57f9e446aa5e357818f3]

Signatures

N/A

Processes

./443d08be9f7e57f9e446aa5e357818f3

[./443d08be9f7e57f9e446aa5e357818f3]

Network

Country Destination Domain Proto
US 1.1.1.1:53 changelogs.ubuntu.com udp
US 1.1.1.1:53 changelogs.ubuntu.com udp
US 162.240.30.112:42516 tcp
CA 142.44.163.110:6667 tcp
US 91.189.91.157:123 udp
CA 142.44.163.110:6667 tcp
US 91.189.91.157:123 udp
CA 142.44.163.110:6667 tcp
CA 142.44.163.110:6667 tcp
US 91.189.91.157:123 udp
CA 142.44.163.110:6667 tcp

Files

N/A