Malware Analysis Report

2024-11-13 17:27

Sample ID 220731-m661cadah9
Target 63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2
SHA256 63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2
Tags
gafgyt mirai mirai_x86corona
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2

Threat Level: Known bad

The file 63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2 was found to be: Known bad.

Malicious Activity Summary

gafgyt mirai mirai_x86corona

Detected Gafgyt variant

Detected x86corona Mirai variant

Gafgyt family

Mirai family

Mirai_x86corona family

Detect Mirai payload

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-07-31 11:05

Signatures

Detect Mirai payload

Description Indicator Process Target
N/A N/A N/A N/A

Detected Gafgyt variant

Description Indicator Process Target
N/A N/A N/A N/A

Detected x86corona Mirai variant

Description Indicator Process Target
N/A N/A N/A N/A

Gafgyt family

gafgyt

Mirai family

mirai

Mirai_x86corona family

mirai_x86corona

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-31 11:05

Reported

2022-07-31 17:03

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

20305s

Max time network

154s

Command Line

[/tmp/63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2]

Signatures

N/A

Processes

/tmp/63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2

[/tmp/63943f19b611680370f5674e32e3181151c9bd589fa858ea1650b3d1942f78d2]

Network

Country  Destination             Domain  Proto
VE       200.75.119.43:80        N/A     tcp
AT       80.121.201.21:80        N/A     tcp
AT       80.121.201.21:80        N/A     tcp
JP       157.7.185.153:8080      N/A     tcp
US       206.2.129.136:80        N/A     tcp
JP       157.7.185.153:8080      N/A     tcp
BR       200.17.238.63:80        N/A     tcp
BR       200.236.19.157:80       N/A     tcp
HR       178.160.73.47:80        N/A     tcp
GB       86.189.11.253:80        N/A     tcp
US       206.83.202.217:80       N/A     tcp
US       206.2.163.117:80        N/A     tcp
MA       41.251.126.78:7547      N/A     tcp
MA       41.141.21.2:7547        N/A     tcp
FR       159.84.201.23:8080      N/A     tcp
RU       82.195.12.101:80        N/A     tcp
US       140.98.238.32:8080      N/A     tcp
US       99.197.172.37:8080      N/A     tcp
GB       80.47.52.74:80          N/A     tcp
GB       80.47.52.74:80          N/A     tcp
US       206.74.217.77:80        N/A     tcp
US       198.98.58.235:53600     N/A     tcp
BR       200.236.2.177:80        N/A     tcp
BR       200.236.29.103:80       N/A     tcp
PT       82.155.186.59:80        N/A     tcp
NG       169.239.18.29:80        N/A     tcp
US       206.126.231.21:80       N/A     tcp
RU       178.208.71.128:80       N/A     tcp
AU       120.157.148.190:8080    N/A     tcp
US       198.98.58.235:53600     N/A     tcp
CN       106.109.166.202:8080    N/A     tcp
PE       200.48.82.57:80         N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       75.105.23.93:8080       N/A     tcp
DZ       197.202.175.110:7547    N/A     tcp
US       184.63.228.133:8080     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       162.72.102.160:8080     N/A     tcp
US       216.203.120.112:8080    N/A     tcp
US       216.203.120.112:8080    N/A     tcp
US       198.98.58.235:53600     N/A     tcp
AU       123.210.222.222:8080    N/A     tcp
ZA       41.160.99.233:7547      N/A     tcp
DE       134.103.222.42:8080     N/A     tcp
ZA       41.160.99.233:7547      N/A     tcp
MZ       197.219.152.116:7547    N/A     tcp
US       198.98.58.235:53600     N/A     tcp
MZ       197.219.152.116:7547    N/A     tcp
SA       83.101.143.108:80       N/A     tcp
MA       41.141.2.98:7547        N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
GQ       41.222.114.148:7547     N/A     tcp
GQ       41.222.114.148:7547     N/A     tcp
KE       41.215.97.142:7547      N/A     tcp
US       198.98.58.235:53600     N/A     tcp
AR       181.6.78.229:80         N/A     tcp
BR       179.144.251.140:8080    N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp
US       198.98.58.235:53600     N/A     tcp

Files

N/A