Analysis Overview
Score: 10/10
SHA256
d32291545c56eab82f30326694e2963d05fbf7a84e75442566cc626e04d9e174
Threat Level: Known bad
The file d32291545c56eab82f30326694e2963d05fbf7a84e75442566cc626e04d9e174.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Changes its process name
Deletes itself
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-04-15 01:23
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-15 01:23
Reported
2024-04-15 01:25
Platform
debian9-armhf-20240226-en
Max time kernel
149s
Max time network
146s
Command Line
[/tmp/d32291545c56eab82f30326694e2963d05fbf7a84e75442566cc626e04d9e174.elf]
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Changes the process name, possibly in an attempt to hide itself | httpd | /tmp/d32291545c56eab82f30326694e2963d05fbf7a84e75442566cc626e04d9e174.elf | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for reading | /proc/1111�"/cmdline | N/A | N/A |
| File opened for reading | /proc/6666-6/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�3/stat | N/A | N/A |
| File opened for reading | /proc/6666%4/stat | N/A | N/A |
| File opened for reading | /proc/222�"/cmdline | N/A | N/A |
| File opened for reading | /proc/2222+/cmdline | N/A | N/A |
| File opened for reading | /proc/2222[,/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�2/cmdline | N/A | N/A |
| File opened for reading | /proc/22226+/stat | N/A | N/A |
| File opened for reading | /proc/1111�"/cmdline | N/A | N/A |
| File opened for reading | /proc/5555�/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�4/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�8/stat | N/A | N/A |
| File opened for reading | /proc/3333�3/stat | N/A | N/A |
| File opened for reading | /proc/777745/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�6/stat | N/A | N/A |
| File opened for reading | /proc/6666�3/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�4/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�7/stat | N/A | N/A |
| File opened for reading | /proc/6666�9/stat | N/A | N/A |
| File opened for reading | /proc/1111�3/cmdline | N/A | N/A |
| File opened for reading | /proc/7777Y5/cmdline | N/A | N/A |
| File opened for reading | /proc/1111$/stat | N/A | N/A |
| File opened for reading | /proc/66665/cmdline | N/A | N/A |
| File opened for reading | /proc/77774/stat | N/A | N/A |
| File opened for reading | /proc/6666�8/stat | N/A | N/A |
| File opened for reading | /proc/6666N4/stat | N/A | N/A |
| File opened for reading | /proc/7777�5/cmdline | N/A | N/A |
| File opened for reading | /proc/66662/stat | N/A | N/A |
| File opened for reading | /proc/33/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�4/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�7/cmdline | N/A | N/A |
| File opened for reading | /proc/6666 9/stat | N/A | N/A |
| File opened for reading | /proc/6666�6/stat | N/A | N/A |
| File opened for reading | /proc/5555O/cmdline | N/A | N/A |
| File opened for reading | /proc/11/stat | N/A | N/A |
| File opened for reading | /proc/1111�%/stat | N/A | N/A |
| File opened for reading | /proc/6666�3/stat | N/A | N/A |
| File opened for reading | /proc/6666�4/stat | N/A | N/A |
| File opened for reading | /proc/99/cmdline | N/A | N/A |
| File opened for reading | /proc/22226+/cmdline | N/A | N/A |
| File opened for reading | /proc/33/stat | N/A | N/A |
| File opened for reading | /proc/1111�3/stat | N/A | N/A |
| File opened for reading | /proc/7777h5/stat | N/A | N/A |
| File opened for reading | /proc/7777 6/stat | N/A | N/A |
| File opened for reading | /proc/11/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�3/cmdline | N/A | N/A |
| File opened for reading | /proc/55/stat | N/A | N/A |
| File opened for reading | /proc/6666�4/cmdline | N/A | N/A |
| File opened for reading | /proc/77775/cmdline | N/A | N/A |
| File opened for reading | /proc/1111�"/stat | N/A | N/A |
| File opened for reading | /proc/5555�/stat | N/A | N/A |
| File opened for reading | /proc/6666�3/stat | N/A | N/A |
| File opened for reading | /proc/111�"/cmdline | N/A | N/A |
| File opened for reading | /proc/66665/cmdline | N/A | N/A |
| File opened for reading | /proc/444/cmdline | N/A | N/A |
| File opened for reading | /proc/444s�"/stat | N/A | N/A |
| File opened for reading | /proc/6666�4/cmdline | N/A | N/A |
| File opened for reading | /proc/777745/stat | N/A | N/A |
| File opened for reading | /proc/77774/cmdline | N/A | N/A |
| File opened for reading | /proc/6666�3/stat | N/A | N/A |
| File opened for reading | /proc/666674/cmdline | N/A | N/A |
| File opened for reading | /proc/2222`*/stat | N/A | N/A |
| File opened for reading | /proc/7777f5/cmdline | N/A | N/A |
Processes
/tmp/d32291545c56eab82f30326694e2963d05fbf7a84e75442566cc626e04d9e174.elf
[/tmp/d32291545c56eab82f30326694e2963d05fbf7a84e75442566cc626e04d9e174.elf]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
Files
N/A