Malware Analysis Report

2025-08-06 00:30

Sample ID 240419-cehhkaef9v
Target d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf
SHA256 d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae
Tags
mirai
score
10/10

Analysis Overview

score
10/10

SHA256

d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae

Threat Level: Known bad

The file d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf was found to be: Known bad.

Malicious Activity Summary

mirai

Mirai family

Changes its process name

Enumerates running processes

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-19 01:59

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-19 01:59

Reported

2024-04-19 02:01

Platform

debian9-mipsel-20240226-en

Max time kernel

149s

Max time network

151s

Command Line

[/tmp/d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf]

Signatures

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | N+N: | /tmp/d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf | N/A

Enumerates running processes

Reads runtime system information

Description | Indicator | Process | Target
File opened for reading /proc/801/cmdline N/A N/A
File opened for reading /proc/677/cmdline N/A N/A
File opened for reading /proc/787/cmdline N/A N/A
File opened for reading /proc/77/cmdline N/A N/A
File opened for reading /proc/715/cmdline N/A N/A
File opened for reading /proc/728/cmdline N/A N/A
File opened for reading /proc/771/cmdline N/A N/A
File opened for reading /proc/782/cmdline N/A N/A
File opened for reading /proc/805/cmdline N/A N/A
File opened for reading /proc/1/cmdline N/A N/A
File opened for reading /proc/8/cmdline N/A N/A
File opened for reading /proc/708/cmdline N/A N/A
File opened for reading /proc/729/cmdline N/A N/A
File opened for reading /proc/748/cmdline N/A N/A
File opened for reading /proc/766/cmdline N/A N/A
File opened for reading /proc/770/cmdline N/A N/A
File opened for reading /proc/794/cmdline N/A N/A
File opened for reading /proc/15/cmdline N/A N/A
File opened for reading /proc/705/cmdline N/A N/A
File opened for reading /proc/798/cmdline N/A N/A
File opened for reading /proc/817/cmdline N/A N/A
File opened for reading /proc/727/cmdline N/A N/A
File opened for reading /proc/796/cmdline N/A N/A
File opened for reading /proc/806/cmdline N/A N/A
File opened for reading /proc/71/cmdline N/A N/A
File opened for reading /proc/719/cmdline N/A N/A
File opened for reading /proc/73/cmdline N/A N/A
File opened for reading /proc/724/cmdline N/A N/A
File opened for reading /proc/732/cmdline N/A N/A
File opened for reading /proc/781/cmdline N/A N/A
File opened for reading /proc/3/cmdline N/A N/A
File opened for reading /proc/726/cmdline N/A N/A
File opened for reading /proc/76/cmdline N/A N/A
File opened for reading /proc/161/cmdline N/A N/A
File opened for reading /proc/382/cmdline N/A N/A
File opened for reading /proc/679/cmdline N/A N/A
File opened for reading /proc/749/cmdline N/A N/A
File opened for reading /proc/775/cmdline N/A N/A
File opened for reading /proc/7/cmdline N/A N/A
File opened for reading /proc/36/cmdline N/A N/A
File opened for reading /proc/777/cmdline N/A N/A
File opened for reading /proc/788/cmdline N/A N/A
File opened for reading /proc/747/cmdline N/A N/A
File opened for reading /proc/760/cmdline N/A N/A
File opened for reading /proc/814/cmdline N/A N/A
File opened for reading /proc/710/cmdline N/A N/A
File opened for reading /proc/731/cmdline N/A N/A
File opened for reading /proc/797/cmdline N/A N/A
File opened for reading /proc/11/cmdline N/A N/A
File opened for reading /proc/783/cmdline N/A N/A
File opened for reading /proc/772/cmdline N/A N/A
File opened for reading /proc/126/cmdline N/A N/A
File opened for reading /proc/155/cmdline N/A N/A
File opened for reading /proc/738/cmdline N/A N/A
File opened for reading /proc/741/cmdline N/A N/A
File opened for reading /proc/762/cmdline N/A N/A
File opened for reading /proc/768/cmdline N/A N/A
File opened for reading /proc/774/cmdline N/A N/A
File opened for reading /proc/13/cmdline N/A N/A
File opened for reading /proc/74/cmdline N/A N/A
File opened for reading /proc/734/cmdline N/A N/A
File opened for reading /proc/752/cmdline N/A N/A
File opened for reading /proc/784/cmdline N/A N/A
File opened for reading /proc/793/cmdline N/A N/A

Processes

/tmp/d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf

[/tmp/d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf]

Network

Country | Destination | Domain | Proto | Count
US | 8.8.8.8:53 | cnc.condi.cloud | udp | 104 identical DNS queries (entries collapsed)

Files

N/A