Analysis Overview
SHA256
27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d
Threat Level: Known bad
The file 27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d was found to be: Known bad.
Malicious Activity Summary
Mirai family
Mirai_x86corona family
Detect Mirai Payload
Detected x86corona Mirai Variant
Modifies hosts file
Writes DNS configuration
Looks up external IP address via web service
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-06-16 03:45
Signatures
Detect Mirai Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Detected x86corona Mirai Variant
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Mirai family
Mirai_x86corona family
Analysis: behavioral1
Detonation Overview
Submitted
2022-06-16 03:45
Reported
2022-06-16 04:35
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
16372s
Max time network
142s
Command Line
Signatures
Modifies hosts file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| /etc/hosts | /etc/hosts | /usr/bin/wget | N/A |
| /etc/hosts | /etc/hosts | /usr/bin/wget | N/A |
| /etc/hosts | /etc/hosts | /usr/bin/wget | N/A |
Writes DNS configuration
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| /etc/resolv.conf | /etc/resolv.conf | /usr/bin/wget | N/A |
| /etc/resolv.conf | /etc/resolv.conf | /usr/bin/wget | N/A |
| /etc/resolv.conf | /etc/resolv.conf | /usr/bin/wget | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Processes
./27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d
[./27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d]
/bin/sh
[sh -c wget http://api.ipify.org -qO-]
/usr/bin/wget
[wget http://api.ipify.org -qO-]
/bin/sh
[sh -c wget ipinfo.io/154.61.71.51/org -qO-]
/usr/bin/wget
[wget ipinfo.io/154.61.71.51/org -qO-]
/bin/sh
[sh -c wget ipinfo.io/154.61.71.51/country -qO-]
/usr/bin/wget
[wget ipinfo.io/154.61.71.51/country -qO-]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 1.1.1.1:53 | api.ipify.org | udp |
| US | 1.1.1.1:53 | api.ipify.org | udp |
| US | 1.1.1.1:53 | api.ipify.org.herokudns.com | udp |
| US | 3.220.57.224:80 | api.ipify.org | tcp |
| US | 1.1.1.1:53 | ipinfo.io | udp |
| US | 1.1.1.1:53 | ipinfo.io | udp |
| US | 34.117.59.81:80 | ipinfo.io | tcp |
| US | 34.117.59.81:80 | ipinfo.io | tcp |
| US | 167.99.147.162:101 | N/A | tcp |
| US | 167.99.147.162:101 | N/A | tcp |
| US | 167.99.147.162:101 | N/A | tcp |
| US | 167.99.147.162:101 | N/A | tcp |
| US | 167.99.147.162:101 | N/A | tcp |