Analysis Overview
score
10/10
SHA256
8125867675d0e9e71bceb9ad304ce43e254c44a71ecbd0729c48243908f3267f
Threat Level: Known bad
The file ee6fd6964d20316ca5d4d90a04792d43.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Changes its process name
Enumerates running processes
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-04-19 08:44
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-19 08:44
Reported
2024-04-19 08:46
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
149s
Max time network
146s
Command Line
[/tmp/ee6fd6964d20316ca5d4d90a04792d43.elf]
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | N/A | /tmp/ee6fd6964d20316ca5d4d90a04792d43.elf | N/A |
Enumerates running processes
Reads runtime system information
Processes
/tmp/ee6fd6964d20316ca5d4d90a04792d43.elf
[/tmp/ee6fd6964d20316ca5d4d90a04792d43.elf]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | net-killler.store | udp |
| US | 104.21.75.8:2023 | net-killler.store | tcp |
| US | 151.101.194.49:443 | | tcp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.194.49:443 | cdn.fwupd.org | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.17:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 104.21.75.8:2023 | net-killler.store | tcp |
| US | 8.8.8.8:53 | aomacamada.ddns.net | udp |
| VN | 203.145.46.240:2023 | aomacamada.ddns.net | tcp |
Files
N/A