Malware Analysis Report

2024-12-01 00:34

Sample ID 220718-zpzadshgdq
Target 50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd
SHA256 50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd
Tags
gafgyt mirai mirai_x86corona
score
10/10

Analysis Overview

score
10/10

SHA256

50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd

Threat Level: Known bad

The file 50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd was found to be: Known bad.

Malicious Activity Summary

gafgyt mirai mirai_x86corona

Detect Mirai payload

Detected Gafgyt variant

Detected x86corona Mirai variant

Gafgyt family

Mirai family

Mirai_x86corona family

Writes file to tmp directory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2022-07-18 20:54

Signatures

Detect Mirai payload

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Detected Gafgyt variant

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Detected x86corona Mirai variant

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Gafgyt family: gafgyt

Mirai family: mirai

Mirai_x86corona family: mirai_x86corona

Analysis: behavioral1

Detonation Overview

Submitted: 2022-07-18 20:54

Reported: 2022-07-18 21:20

Platform: ubuntu1804-amd64-en-20211208

Max time kernel: 0s

Max time network: 141s

Command Line

[/tmp/50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd]

Signatures

Writes file to tmp directory

Description: /tmp/50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd
Indicator:   /tmp/50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd
Process:     /tmp/50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd
Target:      N/A

Processes

/tmp/50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd

[/tmp/50b82ac4c85206858059255e14b808a88aec7188c8e53cbe3bc4288d6d6f78cd]

Network

Country   Destination         Domain   Proto
NL        46.166.151.88:453   -        tcp
NL        46.166.151.88:453   -        tcp
NL        46.166.151.88:453   -        tcp
NL        46.166.151.88:453   -        tcp
NL        46.166.151.88:453   -        tcp

Files

N/A