Malware Analysis Report

2025-06-15 22:01

Sample ID 220405-xprt7sfaen
Target 0012f3033220902f3f721dc168ffc65f
SHA256 3120ed50f0e924f998f0781248e00cb5c27c4ad809b7d344e782eaaab0da53c3
Tags
mirai mirai_x86corona
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3120ed50f0e924f998f0781248e00cb5c27c4ad809b7d344e782eaaab0da53c3

Threat Level: Known bad

The file 0012f3033220902f3f721dc168ffc65f was found to be: Known bad.

Malicious Activity Summary

mirai mirai_x86corona

Detect Mirai Payload

Detected x86corona Mirai Variant

Mirai family

Mirai_x86corona family

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-04-05 19:02

Signatures

Detect Mirai Payload

Description Indicator Process Target
N/A N/A N/A N/A

Detected x86corona Mirai Variant

Description Indicator Process Target
N/A N/A N/A N/A

Mirai family

mirai

Mirai_x86corona family

mirai_x86corona

Analysis: behavioral1

Detonation Overview

Submitted

2022-04-05 19:02

Reported

2022-04-05 19:04

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

0s

Max time network

102s

Command Line

[./0012f3033220902f3f721dc168ffc65f]

Signatures

Reads runtime system information

Description Indicator Process Target
/proc/filesystems /proc/filesystems /bin/mkdir N/A
/proc/filesystems /proc/filesystems /bin/mv N/A

Processes

./0012f3033220902f3f721dc168ffc65f

[./0012f3033220902f3f721dc168ffc65f]

/bin/sh

[sh -c mkdir /9afh7ukhy2/ && >/9afh7ukhy2/9afh7ukhy2 && cd /9afh7ukhy2/ >/dev/null]

/bin/mkdir

[mkdir /9afh7ukhy2/]

/bin/sh

[sh -c mv /tmp/0012f3033220902f3f721dc168ffc65f /9afh7ukhy2/9afh7ukhy2 && chmod 777 /9afh7ukhy2/9afh7ukhy2 >/dev/null]

/bin/mv

[mv /tmp/0012f3033220902f3f721dc168ffc65f /9afh7ukhy2/9afh7ukhy2]

/bin/chmod

[chmod 777 /9afh7ukhy2/9afh7ukhy2]

Network

Country Destination Domain Proto
DE 194.242.56.116:5683 tcp

Files

N/A