Analysis Overview
score
10/10
SHA256
d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae
Threat Level: Known bad
The file d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Changes its process name
Enumerates running processes
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-04-19 01:59
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-19 01:59
Reported
2024-04-19 02:01
Platform
debian9-mipsel-20240226-en
Max time kernel
149s
Max time network
151s
Command Line
[/tmp/d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf]
Signatures
Changes its process name
| Description | Indicator | Process | Target |
|---|---|---|---|
| Changes the process name, possibly in an attempt to hide itself | N+N: | /tmp/d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf | N/A |
Enumerates running processes
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/801/cmdline | N/A | N/A |
| File opened for reading | /proc/677/cmdline | N/A | N/A |
| File opened for reading | /proc/787/cmdline | N/A | N/A |
| File opened for reading | /proc/77/cmdline | N/A | N/A |
| File opened for reading | /proc/715/cmdline | N/A | N/A |
| File opened for reading | /proc/728/cmdline | N/A | N/A |
| File opened for reading | /proc/771/cmdline | N/A | N/A |
| File opened for reading | /proc/782/cmdline | N/A | N/A |
| File opened for reading | /proc/805/cmdline | N/A | N/A |
| File opened for reading | /proc/1/cmdline | N/A | N/A |
| File opened for reading | /proc/8/cmdline | N/A | N/A |
| File opened for reading | /proc/708/cmdline | N/A | N/A |
| File opened for reading | /proc/729/cmdline | N/A | N/A |
| File opened for reading | /proc/748/cmdline | N/A | N/A |
| File opened for reading | /proc/766/cmdline | N/A | N/A |
| File opened for reading | /proc/770/cmdline | N/A | N/A |
| File opened for reading | /proc/794/cmdline | N/A | N/A |
| File opened for reading | /proc/15/cmdline | N/A | N/A |
| File opened for reading | /proc/705/cmdline | N/A | N/A |
| File opened for reading | /proc/798/cmdline | N/A | N/A |
| File opened for reading | /proc/817/cmdline | N/A | N/A |
| File opened for reading | /proc/727/cmdline | N/A | N/A |
| File opened for reading | /proc/796/cmdline | N/A | N/A |
| File opened for reading | /proc/806/cmdline | N/A | N/A |
| File opened for reading | /proc/71/cmdline | N/A | N/A |
| File opened for reading | /proc/719/cmdline | N/A | N/A |
| File opened for reading | /proc/73/cmdline | N/A | N/A |
| File opened for reading | /proc/724/cmdline | N/A | N/A |
| File opened for reading | /proc/732/cmdline | N/A | N/A |
| File opened for reading | /proc/781/cmdline | N/A | N/A |
| File opened for reading | /proc/3/cmdline | N/A | N/A |
| File opened for reading | /proc/726/cmdline | N/A | N/A |
| File opened for reading | /proc/76/cmdline | N/A | N/A |
| File opened for reading | /proc/161/cmdline | N/A | N/A |
| File opened for reading | /proc/382/cmdline | N/A | N/A |
| File opened for reading | /proc/679/cmdline | N/A | N/A |
| File opened for reading | /proc/749/cmdline | N/A | N/A |
| File opened for reading | /proc/775/cmdline | N/A | N/A |
| File opened for reading | /proc/7/cmdline | N/A | N/A |
| File opened for reading | /proc/36/cmdline | N/A | N/A |
| File opened for reading | /proc/777/cmdline | N/A | N/A |
| File opened for reading | /proc/788/cmdline | N/A | N/A |
| File opened for reading | /proc/747/cmdline | N/A | N/A |
| File opened for reading | /proc/760/cmdline | N/A | N/A |
| File opened for reading | /proc/814/cmdline | N/A | N/A |
| File opened for reading | /proc/710/cmdline | N/A | N/A |
| File opened for reading | /proc/731/cmdline | N/A | N/A |
| File opened for reading | /proc/797/cmdline | N/A | N/A |
| File opened for reading | /proc/11/cmdline | N/A | N/A |
| File opened for reading | /proc/783/cmdline | N/A | N/A |
| File opened for reading | /proc/772/cmdline | N/A | N/A |
| File opened for reading | /proc/126/cmdline | N/A | N/A |
| File opened for reading | /proc/155/cmdline | N/A | N/A |
| File opened for reading | /proc/738/cmdline | N/A | N/A |
| File opened for reading | /proc/741/cmdline | N/A | N/A |
| File opened for reading | /proc/762/cmdline | N/A | N/A |
| File opened for reading | /proc/768/cmdline | N/A | N/A |
| File opened for reading | /proc/774/cmdline | N/A | N/A |
| File opened for reading | /proc/13/cmdline | N/A | N/A |
| File opened for reading | /proc/74/cmdline | N/A | N/A |
| File opened for reading | /proc/734/cmdline | N/A | N/A |
| File opened for reading | /proc/752/cmdline | N/A | N/A |
| File opened for reading | /proc/784/cmdline | N/A | N/A |
| File opened for reading | /proc/793/cmdline | N/A | N/A |
Processes
/tmp/d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf
[/tmp/d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
| US | 8.8.8.8:53 | cnc.condi.cloud | udp |
Files
N/A