Malware Analysis Report

2025-05-28 17:47

Sample ID: 220616-ebgszaader
Target:    27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d
SHA256:    27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d
Tags:      mirai, mirai_x86corona
Score:     10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d

Threat Level: Known bad

The file 27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d was found to be: Known bad.

Malicious Activity Summary

mirai mirai_x86corona

Mirai family

Mirai_x86corona family

Detect Mirai Payload

Detected x86corona Mirai Variant

Modifies hosts file

Writes DNS configuration

Looks up external IP address via web service

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-06-16 03:45

Signatures

Detect Mirai Payload

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Detected x86corona Mirai Variant

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Mirai family

mirai

Mirai_x86corona family

mirai_x86corona

Analysis: behavioral1

Detonation Overview

Submitted:        2022-06-16 03:45
Reported:         2022-06-16 04:35
Platform:         ubuntu1804-amd64-en-20211208
Max time kernel:  16372s
Max time network: 142s

Command Line

[./27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d]

Signatures

Modifies hosts file

Description   Indicator     Process         Target
/etc/hosts    /etc/hosts    /usr/bin/wget   N/A
/etc/hosts    /etc/hosts    /usr/bin/wget   N/A
/etc/hosts    /etc/hosts    /usr/bin/wget   N/A

Writes DNS configuration

Description        Indicator          Process         Target
/etc/resolv.conf   /etc/resolv.conf   /usr/bin/wget   N/A
/etc/resolv.conf   /etc/resolv.conf   /usr/bin/wget   N/A
/etc/resolv.conf   /etc/resolv.conf   /usr/bin/wget   N/A

Looks up external IP address via web service

Description   Indicator       Process   Target
N/A           ipinfo.io       N/A       N/A
N/A           api.ipify.org   N/A       N/A
N/A           api.ipify.org   N/A       N/A
N/A           ipinfo.io       N/A       N/A

Processes

./27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d
  [./27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d]

/bin/sh
  [sh -c wget http://api.ipify.org -qO-]

/usr/bin/wget
  [wget http://api.ipify.org -qO-]

/bin/sh
  [sh -c wget ipinfo.io/154.61.71.51/org -qO-]

/usr/bin/wget
  [wget ipinfo.io/154.61.71.51/org -qO-]

/bin/sh
  [sh -c wget ipinfo.io/154.61.71.51/country -qO-]

/usr/bin/wget
  [wget ipinfo.io/154.61.71.51/country -qO-]

Network

Country   Destination          Domain                        Proto
US        1.1.1.1:53           api.ipify.org                 udp
US        1.1.1.1:53           api.ipify.org                 udp
US        1.1.1.1:53           api.ipify.org.herokudns.com   udp
US        3.220.57.224:80      api.ipify.org                 tcp
US        1.1.1.1:53           ipinfo.io                     udp
US        1.1.1.1:53           ipinfo.io                     udp
US        34.117.59.81:80      ipinfo.io                     tcp
US        34.117.59.81:80      ipinfo.io                     tcp
US        167.99.147.162:101   N/A                           tcp
US        167.99.147.162:101   N/A                           tcp
US        167.99.147.162:101   N/A                           tcp
US        167.99.147.162:101   N/A                           tcp
US        167.99.147.162:101   N/A                           tcp

Files

N/A