Analysis Overview
Score
10/10
SHA256
cc03cf0a03faa6ce1e5e7ebdff3ee814372ab63940beb717ab4c90f7b50cd1b2
Threat Level: Known bad
The file 04f257782ae8acc2109d56a432dd6ff9.bin was found to be: Known bad.
Malicious Activity Summary
Mirai family
Changes its process name
Deletes itself
Enumerates running processes
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-04-16 01:00
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-16 01:00
Reported
2024-04-16 01:03
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
149s
Max time network
152s
Command Line
[/tmp/fbde07f0582c954a0300e48cf4e70b54c155b05bc8780c04a34ad80c3e738ef8.elf]
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | httpd | /tmp/fbde07f0582c954a0300e48cf4e70b54c155b05bc8780c04a34ad80c3e738ef8.elf | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates running processes
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/98/cmdline | N/A | N/A |
| File opened for reading | /proc/115/cmdline | N/A | N/A |
| File opened for reading | /proc/159/cmdline | N/A | N/A |
| File opened for reading | /proc/428/cmdline | N/A | N/A |
| File opened for reading | /proc/950/cmdline | N/A | N/A |
| File opened for reading | /proc/1041/cmdline | N/A | N/A |
| File opened for reading | /proc/10/cmdline | N/A | N/A |
| File opened for reading | /proc/26/cmdline | N/A | N/A |
| File opened for reading | /proc/157/cmdline | N/A | N/A |
| File opened for reading | /proc/476/cmdline | N/A | N/A |
| File opened for reading | /proc/590/cmdline | N/A | N/A |
| File opened for reading | /proc/956/cmdline | N/A | N/A |
| File opened for reading | /proc/6/cmdline | N/A | N/A |
| File opened for reading | /proc/8/cmdline | N/A | N/A |
| File opened for reading | /proc/29/cmdline | N/A | N/A |
| File opened for reading | /proc/36/cmdline | N/A | N/A |
| File opened for reading | /proc/167/cmdline | N/A | N/A |
| File opened for reading | /proc/575/cmdline | N/A | N/A |
| File opened for reading | /proc/962/cmdline | N/A | N/A |
| File opened for reading | /proc/84/cmdline | N/A | N/A |
| File opened for reading | /proc/132/cmdline | N/A | N/A |
| File opened for reading | /proc/15/cmdline | N/A | N/A |
| File opened for reading | /proc/21/cmdline | N/A | N/A |
| File opened for reading | /proc/1059/cmdline | N/A | N/A |
| File opened for reading | /proc/28/cmdline | N/A | N/A |
| File opened for reading | /proc/442/cmdline | N/A | N/A |
| File opened for reading | /proc/1142/cmdline | N/A | N/A |
| File opened for reading | /proc/82/cmdline | N/A | N/A |
| File opened for reading | /proc/156/cmdline | N/A | N/A |
| File opened for reading | /proc/168/cmdline | N/A | N/A |
| File opened for reading | /proc/169/cmdline | N/A | N/A |
| File opened for reading | /proc/407/cmdline | N/A | N/A |
| File opened for reading | /proc/895/cmdline | N/A | N/A |
| File opened for reading | /proc/1082/cmdline | N/A | N/A |
| File opened for reading | /proc/1145/cmdline | N/A | N/A |
| File opened for reading | /proc/7/cmdline | N/A | N/A |
| File opened for reading | /proc/17/cmdline | N/A | N/A |
| File opened for reading | /proc/328/cmdline | N/A | N/A |
| File opened for reading | /proc/424/cmdline | N/A | N/A |
| File opened for reading | /proc/926/cmdline | N/A | N/A |
| File opened for reading | /proc/1025/cmdline | N/A | N/A |
| File opened for reading | /proc/4/cmdline | N/A | N/A |
| File opened for reading | /proc/160/cmdline | N/A | N/A |
| File opened for reading | /proc/447/cmdline | N/A | N/A |
| File opened for reading | /proc/484/cmdline | N/A | N/A |
| File opened for reading | /proc/3/cmdline | N/A | N/A |
| File opened for reading | /proc/27/cmdline | N/A | N/A |
| File opened for reading | /proc/466/cmdline | N/A | N/A |
| File opened for reading | /proc/642/cmdline | N/A | N/A |
| File opened for reading | /proc/1111/cmdline | N/A | N/A |
| File opened for reading | /proc/32/cmdline | N/A | N/A |
| File opened for reading | /proc/14/cmdline | N/A | N/A |
| File opened for reading | /proc/78/cmdline | N/A | N/A |
| File opened for reading | /proc/161/cmdline | N/A | N/A |
| File opened for reading | /proc/509/cmdline | N/A | N/A |
| File opened for reading | /proc/1120/cmdline | N/A | N/A |
| File opened for reading | /proc/162/cmdline | N/A | N/A |
| File opened for reading | /proc/413/cmdline | N/A | N/A |
| File opened for reading | /proc/438/cmdline | N/A | N/A |
| File opened for reading | /proc/686/cmdline | N/A | N/A |
| File opened for reading | /proc/85/cmdline | N/A | N/A |
| File opened for reading | /proc/166/cmdline | N/A | N/A |
| File opened for reading | /proc/171/cmdline | N/A | N/A |
| File opened for reading | /proc/636/cmdline | N/A | N/A |
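The three behaviours above (argv[0] rewritten to "httpd", the on-disk binary unlinked after launch, and a sweep of /proc/*/cmdline) are what an incident responder would hunt for on a suspected host. The Python below is an added example, not part of the sandbox report or of the sample: it reads the same /proc fields the sandbox watched and flags a process whose claimed name does not match its executable, whose executable has been deleted, or whose executable lives in a world-writable temp directory. The snapshot, the trusted httpd paths and the PID 4242 are constructed for illustration.

```python
#!/usr/bin/env python3
"""Hunt for a renamed, self-deleting process of the kind this report flags.
Added example; the SAMPLE_SNAPSHOT below is constructed, not taken from the
detonation host. Run with --live on a Linux box to scan the real /proc."""
import os
import re
import sys
from dataclasses import dataclass
from typing import Iterable, List

# Assumed locations of a legitimate httpd binary on common distributions.
TRUSTED_HTTPD_PATHS = ("/usr/sbin/httpd", "/usr/sbin/apache2",
                       "/usr/local/apache2/bin/httpd")
# Directories an ELF dropped by a bot typically runs from.
SUSPICIOUS_EXE_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")


@dataclass
class Proc:
    pid: int
    cmdline: str   # /proc/PID/cmdline with NUL separators replaced by spaces
    exe: str       # readlink(/proc/PID/exe); kernel appends " (deleted)" if unlinked


def collect_live() -> List[Proc]:
    """Snapshot every readable PID from the real /proc (Linux only)."""
    procs = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").strip().decode(errors="replace")
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue  # kernel thread, process already gone, or no permission
        procs.append(Proc(pid, cmdline, exe))
    return procs


def findings(procs: Iterable[Proc]) -> List[dict]:
    """Return one record per suspicious process with the reasons it was flagged."""
    hits = []
    for p in procs:
        reasons = []
        argv0 = p.cmdline.split(" ")[0] if p.cmdline else ""
        exe_path = re.sub(r" \(deleted\)$", "", p.exe)
        if p.exe.endswith("(deleted)"):
            reasons.append("executable unlinked while still running")
        if exe_path.startswith(SUSPICIOUS_EXE_DIRS):
            reasons.append("executable lives in a temp directory")
        # The sandbox saw argv[0] rewritten to "httpd": a name/binary mismatch.
        if os.path.basename(argv0) == "httpd" and exe_path not in TRUSTED_HTTPD_PATHS:
            reasons.append("argv[0] 'httpd' does not match executable path")
        if reasons:
            hits.append({"pid": p.pid, "exe": p.exe, "cmdline": p.cmdline,
                         "reasons": reasons})
    return hits


# Constructed snapshot: a real httpd, sshd, and a bot that mimics the report.
SAMPLE_SNAPSHOT = [
    Proc(1, "/sbin/init", "/usr/lib/systemd/systemd"),
    Proc(642, "/usr/sbin/sshd -D", "/usr/sbin/sshd"),
    Proc(900, "/usr/sbin/httpd -DFOREGROUND", "/usr/sbin/httpd"),
    Proc(4242, "httpd",
         "/tmp/fbde07f0582c954a0300e48cf4e70b54c155b05bc8780c04a34ad80c3e738ef8.elf (deleted)"),
]

if __name__ == "__main__":
    procs = collect_live() if "--live" in sys.argv else SAMPLE_SNAPSHOT
    for hit in findings(procs):
        print(f"pid {hit['pid']}: {hit['exe']}  cmdline={hit['cmdline']!r}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

Only the constructed bot entry trips all three checks; the genuine httpd passes because its argv[0] and its exe link agree. On a live host, run it as root, since /proc/PID/exe of other users' processes is not readable otherwise.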
Processes
/tmp/fbde07f0582c954a0300e48cf4e70b54c155b05bc8780c04a34ad80c3e738ef8.elf
[/tmp/fbde07f0582c954a0300e48cf4e70b54c155b05bc8780c04a34ad80c3e738ef8.elf]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| NL | 89.190.156.145:7733 | | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| N/A | 224.0.0.251:5353 | | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 151.101.130.49:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
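The Network table mixes the sample's own traffic (repeated lookups of raw.mezo-api.xyz through 8.8.8.8 and reconnects to 35.198.149.52:33966) with flows the analyst has to judge separately: an mDNS broadcast, a few TLS connections with no resolved name, and one TCP connection to 89.190.156.145:7733. The Python below is an added example, not part of the report: it parses rows in the table's format (including rows where the Domain cell is empty and the protocol slid one column left), sorts each flow into a coarse class by a stated heuristic, counts repeats, and emits a deduplicated indicator list. The embedded rows are a subset copied from the table above; the class names and the heuristic are the example's own.

```python
#!/usr/bin/env python3
"""Turn a sandbox Network table into deduplicated, classified indicators.
Added example; REPORT_ROWS is a subset of the rows printed in the report."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

REPORT_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
| NL | 89.190.156.145:7733 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 151.101.130.49:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| DE | 35.198.149.52:33966 | raw.mezo-api.xyz | tcp |
| US | 8.8.8.8:53 | raw.mezo-api.xyz | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<c3>[^|]*?)\s*\|\s*(?P<c4>[^|]*?)\s*\|$"
)


def parse_rows(text: str) -> List[dict]:
    """Parse '| CC | ip:port | domain | proto |' rows; tolerate a shifted proto."""
    flows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m or ":" not in m["dst"]:
            continue  # header row or malformed line
        c3, c4 = m["c3"], m["c4"]
        if c3 in ("tcp", "udp") and not c4:  # no domain: proto landed in column 3
            domain, proto = "", c3
        else:
            domain, proto = c3, c4
        ip, port = m["dst"].rsplit(":", 1)
        flows.append({"cc": m["cc"], "ip": ip, "port": int(port),
                      "domain": domain, "proto": proto})
    return flows


def classify(flow: dict) -> str:
    """Coarse triage heuristic (the example's own, not the sandbox's)."""
    if flow["port"] == 53 and flow["proto"] == "udp":
        return "dns-lookup"            # resolver traffic; the name is the indicator
    if flow["ip"].startswith("224.") and flow["port"] == 5353:
        return "mdns-local"            # link-local broadcast, not attributable
    if flow["domain"] and flow["port"] not in (80, 443):
        return "c2-candidate"          # resolved name plus a non-web port
    if flow["port"] == 443 and not flow["domain"]:
        return "tls-unattributed"      # needs manual attribution before blocking
    return "unattributed"


def summarize(flows: List[dict]) -> Dict[str, Counter]:
    """Count repeated sockets per class so reconnect loops stand out."""
    by_class: Dict[str, Counter] = defaultdict(Counter)
    for f in flows:
        key = f"{f['ip']}:{f['port']}/{f['proto']}"
        if f["domain"]:
            key += f" ({f['domain']})"
        by_class[classify(f)][key] += 1
    return by_class


def iocs(flows: List[dict]) -> Tuple[List[str], List[str]]:
    """Deduplicated names and sockets an analyst would take to a blocklist review."""
    domains = sorted({f["domain"] for f in flows if f["domain"]})
    sockets = sorted({f"{f['ip']}:{f['port']}" for f in flows
                      if classify(f) in ("c2-candidate", "unattributed")})
    return domains, sockets


if __name__ == "__main__":
    flows = parse_rows(REPORT_ROWS)
    for cls, counter in summarize(flows).items():
        for key, n in counter.most_common():
            print(f"{cls:17s} x{n:<3d} {key}")
    domains, sockets = iocs(flows)
    print("domains:", domains)
    print("sockets:", sockets)
```

On the full table the c2-candidate counter for 35.198.149.52:33966 climbs to roughly thirty, which is the reconnect cadence of a bot that cannot hold its session open in the sandbox; the TLS flows stay in tls-unattributed until someone checks the destinations, and 89.190.156.145:7733 remains an indicator because nothing in the table explains it.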
Files
N/A