Analysis Overview
SHA256
f6cf08d3a98a95c77655fa4fea07a7c41a19185159651d8e893462d9e7ccee07
Threat Level: Known bad
The file f6cf08d3a98a95c77655fa4fea07a7c41a19185159651d8e893462d9e7ccee07 was found to be: Known bad.
Malicious Activity Summary
Mirai_x86corona family
Detect Mirai Payload
Detected Gafgyt Variant
Detected x86corona Mirai Variant
Gafgyt family
Mirai family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-04-15 01:18
Signatures
Detect Mirai Payload
Detected Gafgyt Variant
Detected x86corona Mirai Variant
Gafgyt family
Mirai family
Mirai_x86corona family
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-15 01:18
Reported
2022-04-15 01:52
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
11005s
Max time network
153s
Command Line
Signatures
Processes
./f6cf08d3a98a95c77655fa4fea07a7c41a19185159651d8e893462d9e7ccee07
[./f6cf08d3a98a95c77655fa4fea07a7c41a19185159651d8e893462d9e7ccee07]
Network