Analysis Overview
SHA256
3120ed50f0e924f998f0781248e00cb5c27c4ad809b7d344e782eaaab0da53c3
Threat Level: Known bad
The file 0012f3033220902f3f721dc168ffc65f was found to be: Known bad.
Malicious Activity Summary
Detect Mirai Payload
Detected x86corona Mirai Variant
Mirai family
Mirai_x86corona family
Reads runtime system information
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-04-05 19:02
Signatures
Detect Mirai Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected x86corona Mirai Variant
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Mirai family
Mirai_x86corona family
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-05 19:02
Reported
2022-04-05 19:04
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Max time network
102s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| /proc/filesystems | /proc/filesystems | /bin/mkdir | N/A |
| /proc/filesystems | /proc/filesystems | /bin/mv | N/A |
Processes
./0012f3033220902f3f721dc168ffc65f
[./0012f3033220902f3f721dc168ffc65f]
/bin/sh
[sh -c mkdir /9afh7ukhy2/ && >/9afh7ukhy2/9afh7ukhy2 && cd /9afh7ukhy2/ >/dev/null]
/bin/mkdir
[mkdir /9afh7ukhy2/]
/bin/sh
[sh -c mv /tmp/0012f3033220902f3f721dc168ffc65f /9afh7ukhy2/9afh7ukhy2 && chmod 777 /9afh7ukhy2/9afh7ukhy2 >/dev/null]
/bin/mv
[mv /tmp/0012f3033220902f3f721dc168ffc65f /9afh7ukhy2/9afh7ukhy2]
/bin/chmod
[chmod 777 /9afh7ukhy2/9afh7ukhy2]
Network
| Country | Destination | Domain | Proto |
| DE | 194.242.56.116:5683 | | tcp |