Malware Analysis Report

2024-12-01 00:47

Sample ID 220113-r9cm5abafl
Target ec93085aa1d743e64d8576ef49e93cf3
SHA256 02847ddd1dde9d8473fa2c6b53e61449be302f5bd38279a55833e1ee093a8187
Tags kaiten mirai mirai_x86corona
Score 10/10

Analysis Overview

score
10/10

SHA256

02847ddd1dde9d8473fa2c6b53e61449be302f5bd38279a55833e1ee093a8187

Threat Level: Known bad

The file ec93085aa1d743e64d8576ef49e93cf3 was found to be: Known bad.

Malicious Activity Summary

kaiten mirai mirai_x86corona

Detected x86corona Mirai Variant

Identified Kaiten Bot

Kaiten family

Mirai family

Mirai_x86corona family

Detect Mirai Payload

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-01-13 14:53

Signatures

Detect Mirai Payload

Description Indicator Process Target
N/A N/A N/A N/A

Detected x86corona Mirai Variant

Description Indicator Process Target
N/A N/A N/A N/A

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Mirai family

mirai

Mirai_x86corona family

mirai_x86corona

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-13 14:53

Reported

2022-01-13 14:55

Platform

win7-en-20211208

Max time kernel

117s

Max time network

117s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\ec93085aa1d743e64d8576ef49e93cf3

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\ec93085aa1d743e64d8576ef49e93cf3

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-01-13 14:53

Reported

2022-01-13 14:55

Platform

win10-en-20211208

Max time kernel

122s

Max time network

127s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\ec93085aa1d743e64d8576ef49e93cf3

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\ec93085aa1d743e64d8576ef49e93cf3

Network

Country  Destination       Domain  Proto
US       52.109.12.20:443          tcp

Files

N/A