Analysis Overview
SHA256
63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2
Threat Level: Known bad
The file 63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2 was found to be: Known bad.
Malicious Activity Summary
Detected Gafgyt variant
Detected x86corona Mirai variant
Gafgyt family
Mirai family
Mirai_x86corona family
Detect Mirai payload
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-07-31 11:05
Signatures
Detect Mirai payload
Detected Gafgyt variant
Detected x86corona Mirai variant
Gafgyt family
Mirai family
Mirai_x86corona family
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-31 11:05
Reported
2022-07-31 17:03
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
20305s
Max time network
154s
Command Line
Signatures
Processes
/tmp/63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2
[/tmp/63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2]
Network