Analysis Overview
SHA256
518668d64e5e5ec824bb002f8860c4142f0cacdb8e72a9f76b73ae30f1474007
Threat Level: Known bad
The file 518668d64e5e5ec824bb002f8860c4142f0cacdb8e72a9f76b73ae30f1474007 was found to be: Known bad.
Malicious Activity Summary
Detected Gafgyt variant
Detected x86corona Mirai variant
Gafgyt family
Mirai family
Mirai_x86corona family
Detect Mirai payload
Modifies the Watchdog daemon
Reads system routing table
Reads system network configuration
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-07-18 14:41
Signatures
Detect Mirai payload
Detected Gafgyt variant
Detected x86corona Mirai variant
Gafgyt family
Mirai family
Mirai_x86corona family
Analysis: behavioral9
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-mipsel-en-20211208
Command Line
Signatures
Processes
/tmp/89.42.133.67/m68k
[/tmp/89.42.133.67/m68k]
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/powerpc
[/tmp/89.42.133.67/powerpc]
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-mipsbe-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/powerpc
[/tmp/89.42.133.67/powerpc]
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-mipsel-en-20211208
Command Line
Signatures
Processes
/tmp/89.42.133.67/powerpc
[/tmp/89.42.133.67/powerpc]
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:42
Platform
debian9-armhf-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/sparc
[/tmp/89.42.133.67/sparc]
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-mipsbe-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/sparc
[/tmp/89.42.133.67/sparc]
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/sparc
[/tmp/89.42.133.67/sparc]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:44
Platform
debian9-armhf-en-20211208
Max time kernel
0s
Max time network
156s
Command Line
Signatures
Processes
/tmp/89.42.133.67/armv4l
[/tmp/89.42.133.67/armv4l]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:44
Platform
debian9-armhf-en-20211208
Max time kernel
0s
Max time network
158s
Command Line
Signatures
Processes
/tmp/89.42.133.67/armv5l
[/tmp/89.42.133.67/armv5l]
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:44
Platform
debian9-armhf-en-20211208
Max time kernel
19172s
Max time network
157s
Command Line
Signatures
Modifies the Watchdog daemon
Reads system routing table
| Description | Indicator | Process | Target |
| /proc/net/route | /proc/net/route | /tmp/89.42.133.67/armv6l | N/A |
Reads system network configuration
| Description | Indicator | Process | Target |
| /proc/net/route | /proc/net/route | /tmp/89.42.133.67/armv6l | N/A |
Processes
/tmp/89.42.133.67/armv6l
[/tmp/89.42.133.67/armv6l]
Network
| Country | Destination | Domain | Proto |
| RO | 89.42.133.67:123 | | tcp |
| CN | 42.133.67.123:123 | | tcp |
| RO | 89.42.133.67:123 | | tcp |
| CN | 42.133.67.123:123 | | tcp |
| RO | 89.42.133.67:123 | | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-armhf-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/m68k
[/tmp/89.42.133.67/m68k]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-mipsbe-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/m68k
[/tmp/89.42.133.67/m68k]
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:42
Platform
debian9-armhf-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/sh4
[/tmp/89.42.133.67/sh4]
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-mipsel-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/sh4
[/tmp/89.42.133.67/sh4]
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:43
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Max time network
153s
Command Line
Signatures
Processes
/tmp/89.42.133.67/i586
[/tmp/89.42.133.67/i586]
Network
| Country | Destination | Domain | Proto |
| RO | 89.42.133.67:123 | | tcp |
| CN | 42.133.67.123:123 | | tcp |
| JP | 133.67.123.0:123 | | tcp |
| US | 67.123.0.0:123 | | tcp |
| RO | 89.42.133.67:123 | | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/m68k
[/tmp/89.42.133.67/m68k]
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-armhf-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/powerpc
[/tmp/89.42.133.67/powerpc]
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/sh4
[/tmp/89.42.133.67/sh4]
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-mipsel-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/89.42.133.67/sparc
[/tmp/89.42.133.67/sparc]
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:44
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Max time network
152s
Command Line
Signatures
Modifies the Watchdog daemon
Reads system routing table
| Description | Indicator | Process | Target |
| /proc/net/route | /proc/net/route | /tmp/89.42.133.67/x86 | N/A |
Reads system network configuration
| Description | Indicator | Process | Target |
| /proc/net/route | /proc/net/route | /tmp/89.42.133.67/x86 | N/A |
Processes
/tmp/89.42.133.67/x86
[/tmp/89.42.133.67/x86]
Network
| Country | Destination | Domain | Proto |
| RO | 89.42.133.67:123 | | tcp |
| CN | 42.133.67.123:123 | | tcp |
| JP | 133.67.123.0:123 | | tcp |
| US | 67.123.0.0:123 | | tcp |
| RO | 89.42.133.67:123 | | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:43
Platform
ubuntu1804-amd64-en-20211208
Max time network
153s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| RO | 89.42.133.67:123 | | tcp |
| CN | 42.133.67.123:123 | | tcp |
| JP | 133.67.123.0:123 | | tcp |
| US | 67.123.0.0:123 | | tcp |
| RO | 89.42.133.67:123 | | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:43
Platform
debian9-mipsbe-en-20211208
Max time kernel
19172s
Max time network
154s
Command Line
Signatures
Modifies the Watchdog daemon
Reads system routing table
| Description | Indicator | Process | Target |
| /proc/net/route | /proc/net/route | /tmp/89.42.133.67/mips | N/A |
Reads system network configuration
| Description | Indicator | Process | Target |
| /proc/net/route | /proc/net/route | /tmp/89.42.133.67/mips | N/A |
Processes
/tmp/89.42.133.67/mips
[/tmp/89.42.133.67/mips]
Network
| Country | Destination | Domain | Proto |
| RO | 89.42.133.67:123 | | tcp |
| CN | 42.133.67.123:123 | | tcp |
| JP | 133.67.123.2:123 | | tcp |
| US | 67.123.3.0:123 | | tcp |
| RO | 89.42.133.67:123 | | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:43
Platform
debian9-mipsel-en-20211208
Max time kernel
19172s
Max time network
153s
Command Line
Signatures
Modifies the Watchdog daemon
Reads system routing table
| Description | Indicator | Process | Target |
| /proc/net/route | /proc/net/route | /tmp/89.42.133.67/mipsel | N/A |
Reads system network configuration
| Description | Indicator | Process | Target |
| /proc/net/route | /proc/net/route | /tmp/89.42.133.67/mipsel | N/A |
Processes
/tmp/89.42.133.67/mipsel
[/tmp/89.42.133.67/mipsel]
Network
| Country | Destination | Domain | Proto |
| RO | 89.42.133.67:123 | | tcp |
| CN | 42.133.67.123:123 | | tcp |
| JP | 133.67.123.2:123 | | tcp |
| US | 67.123.3.0:123 | | tcp |
| RO | 89.42.133.67:123 | | tcp |
| CN | 42.133.67.123:123 | | tcp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2022-07-18 14:41
Reported
2022-07-18 14:41
Platform
debian9-mipsbe-en-20211208
Command Line
Signatures
Processes
/tmp/89.42.133.67/sh4
[/tmp/89.42.133.67/sh4]