Analysis Overview
score
10/10
SHA256
fbde07f0582c954a0300e48cf4e70b54c155b05bc8780c04a34ad80c3e738ef8
Threat Level: Known bad
The file 04f257782ae8acc2109d56a432dd6ff9.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Changes its process name
Deletes itself
Enumerates running processes
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-04-14 15:23
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-14 15:23
Reported
2024-04-14 15:25
Platform
ubuntu2004-amd64-20240221-en
Max time kernel
131s
Max time network
140s
Command Line
[/tmp/04f257782ae8acc2109d56a432dd6ff9.elf]
Signatures
Changes its process name
| Description | Indicator | Process | Target |
|---|---|---|---|
| Changes the process name, possibly in an attempt to hide itself | httpd | /tmp/04f257782ae8acc2109d56a432dd6ff9.elf | N/A |
Deletes itself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Enumerates running processes
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/783/cmdline | N/A | N/A |
| File opened for reading | /proc/803/cmdline | N/A | N/A |
| File opened for reading | /proc/7/cmdline | N/A | N/A |
| File opened for reading | /proc/21/cmdline | N/A | N/A |
| File opened for reading | /proc/84/cmdline | N/A | N/A |
| File opened for reading | /proc/86/cmdline | N/A | N/A |
| File opened for reading | /proc/812/cmdline | N/A | N/A |
| File opened for reading | /proc/952/cmdline | N/A | N/A |
| File opened for reading | /proc/991/cmdline | N/A | N/A |
| File opened for reading | /proc/6/cmdline | N/A | N/A |
| File opened for reading | /proc/20/cmdline | N/A | N/A |
| File opened for reading | /proc/79/cmdline | N/A | N/A |
| File opened for reading | /proc/552/cmdline | N/A | N/A |
| File opened for reading | /proc/272/cmdline | N/A | N/A |
| File opened for reading | /proc/623/cmdline | N/A | N/A |
| File opened for reading | /proc/1103/cmdline | N/A | N/A |
| File opened for reading | /proc/24/cmdline | N/A | N/A |
| File opened for reading | /proc/85/cmdline | N/A | N/A |
| File opened for reading | /proc/93/cmdline | N/A | N/A |
| File opened for reading | /proc/177/cmdline | N/A | N/A |
| File opened for reading | /proc/160/cmdline | N/A | N/A |
| File opened for reading | /proc/172/cmdline | N/A | N/A |
| File opened for reading | /proc/456/cmdline | N/A | N/A |
| File opened for reading | /proc/1045/cmdline | N/A | N/A |
| File opened for reading | /proc/12/cmdline | N/A | N/A |
| File opened for reading | /proc/71/cmdline | N/A | N/A |
| File opened for reading | /proc/242/cmdline | N/A | N/A |
| File opened for reading | /proc/1084/cmdline | N/A | N/A |
| File opened for reading | /proc/1005/cmdline | N/A | N/A |
| File opened for reading | /proc/1097/cmdline | N/A | N/A |
| File opened for reading | /proc/88/cmdline | N/A | N/A |
| File opened for reading | /proc/446/cmdline | N/A | N/A |
| File opened for reading | /proc/643/cmdline | N/A | N/A |
| File opened for reading | /proc/899/cmdline | N/A | N/A |
| File opened for reading | /proc/159/cmdline | N/A | N/A |
| File opened for reading | /proc/168/cmdline | N/A | N/A |
| File opened for reading | /proc/275/cmdline | N/A | N/A |
| File opened for reading | /proc/631/cmdline | N/A | N/A |
| File opened for reading | /proc/1004/cmdline | N/A | N/A |
| File opened for reading | /proc/1102/cmdline | N/A | N/A |
| File opened for reading | /proc/673/cmdline | N/A | N/A |
| File opened for reading | /proc/766/cmdline | N/A | N/A |
| File opened for reading | /proc/969/cmdline | N/A | N/A |
| File opened for reading | /proc/975/cmdline | N/A | N/A |
| File opened for reading | /proc/91/cmdline | N/A | N/A |
| File opened for reading | /proc/680/cmdline | N/A | N/A |
| File opened for reading | /proc/938/cmdline | N/A | N/A |
| File opened for reading | /proc/1031/cmdline | N/A | N/A |
| File opened for reading | /proc/458/cmdline | N/A | N/A |
| File opened for reading | /proc/481/cmdline | N/A | N/A |
| File opened for reading | /proc/539/cmdline | N/A | N/A |
| File opened for reading | /proc/1063/cmdline | N/A | N/A |
| File opened for reading | /proc/9/cmdline | N/A | N/A |
| File opened for reading | /proc/77/cmdline | N/A | N/A |
| File opened for reading | /proc/78/cmdline | N/A | N/A |
| File opened for reading | /proc/92/cmdline | N/A | N/A |
| File opened for reading | /proc/949/cmdline | N/A | N/A |
| File opened for reading | /proc/1053/cmdline | N/A | N/A |
| File opened for reading | /proc/10/cmdline | N/A | N/A |
| File opened for reading | /proc/111/cmdline | N/A | N/A |
| File opened for reading | /proc/119/cmdline | N/A | N/A |
| File opened for reading | /proc/164/cmdline | N/A | N/A |
| File opened for reading | /proc/11/cmdline | N/A | N/A |
| File opened for reading | /proc/626/cmdline | N/A | N/A |
Processes
/tmp/04f257782ae8acc2109d56a432dd6ff9.elf
[/tmp/04f257782ae8acc2109d56a432dd6ff9.elf]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| NL | 89.190.156.145:7733 | | tcp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | _https._tcp.deb.nodesource.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.nl.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | deb.nodesource.com | udp |
| US | 1.1.1.1:53 | deb.nodesource.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | nl.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | nl.archive.ubuntu.com | udp |
| US | 172.67.10.205:443 | deb.nodesource.com | tcp |
| US | 91.189.91.83:80 | security.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.66.49:443 | cdn.fwupd.org | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| US | 1.1.1.1:53 | _https._tcp.motd.ubuntu.com | udp |
| US | 1.1.1.1:53 | motd.ubuntu.com | udp |
| US | 1.1.1.1:53 | motd.ubuntu.com | udp |
| IE | 54.217.10.153:443 | motd.ubuntu.com | tcp |
| US | 1.1.1.1:53 | _https._tcp.esm.ubuntu.com | udp |
| US | 1.1.1.1:53 | esm.ubuntu.com | udp |
| US | 1.1.1.1:53 | esm.ubuntu.com | udp |
| US | 151.101.66.49:443 | cdn.fwupd.org | tcp |
| GB | 185.125.190.24:443 | esm.ubuntu.com | tcp |
| IE | 54.171.230.55:443 | motd.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| IE | 34.243.160.129:443 | motd.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| NL | 213.136.12.213:80 | nl.archive.ubuntu.com | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
Files
N/A