Malware Analysis Report

2025-08-06 00:30

Sample ID 240419-km58ladb39
Target ee6fd6964d20316ca5d4d90a04792d43.elf
SHA256 8125867675d0e9e71bceb9ad304ce43e254c44a71ecbd0729c48243908f3267f
Tags
mirai
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8125867675d0e9e71bceb9ad304ce43e254c44a71ecbd0729c48243908f3267f

Threat Level: Known bad

The file ee6fd6964d20316ca5d4d90a04792d43.elf was found to be: Known bad.

Malicious Activity Summary

mirai

Mirai family

Changes its process name

Enumerates running processes

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-19 08:44

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-19 08:44

Reported

2024-04-19 08:46

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

149s

Max time network

146s

Command Line

[/tmp/ee6fd6964d20316ca5d4d90a04792d43.elf]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself N/A /tmp/ee6fd6964d20316ca5d4d90a04792d43.elf N/A

Enumerates running processes

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/24/cmdline N/A N/A
File opened for reading /proc/34/cmdline N/A N/A
File opened for reading /proc/308/cmdline N/A N/A
File opened for reading /proc/508/cmdline N/A N/A
File opened for reading /proc/733/cmdline N/A N/A
File opened for reading /proc/1301/cmdline N/A N/A
File opened for reading /proc/1560/cmdline N/A N/A
File opened for reading /proc/172/cmdline N/A N/A
File opened for reading /proc/491/cmdline N/A N/A
File opened for reading /proc/1091/cmdline N/A N/A
File opened for reading /proc/1122/cmdline N/A N/A
File opened for reading /proc/1153/cmdline N/A N/A
File opened for reading /proc/1196/cmdline N/A N/A
File opened for reading /proc/1558/cmdline N/A N/A
File opened for reading /proc/1076/cmdline N/A N/A
File opened for reading /proc/35/cmdline N/A N/A
File opened for reading /proc/81/cmdline N/A N/A
File opened for reading /proc/247/cmdline N/A N/A
File opened for reading /proc/467/cmdline N/A N/A
File opened for reading /proc/542/cmdline N/A N/A
File opened for reading /proc/656/cmdline N/A N/A
File opened for reading /proc/676/cmdline N/A N/A
File opened for reading /proc/1199/cmdline N/A N/A
File opened for reading /proc/2/cmdline N/A N/A
File opened for reading /proc/13/cmdline N/A N/A
File opened for reading /proc/1568/cmdline N/A N/A
File opened for reading /proc/15/cmdline N/A N/A
File opened for reading /proc/29/cmdline N/A N/A
File opened for reading /proc/484/cmdline N/A N/A
File opened for reading /proc/1140/cmdline N/A N/A
File opened for reading /proc/1157/cmdline N/A N/A
File opened for reading /proc/1193/cmdline N/A N/A
File opened for reading /proc/1525/cmdline N/A N/A
File opened for reading /proc/1181/cmdline N/A N/A
File opened for reading /proc/11/cmdline N/A N/A
File opened for reading /proc/131/cmdline N/A N/A
File opened for reading /proc/160/cmdline N/A N/A
File opened for reading /proc/590/cmdline N/A N/A
File opened for reading /proc/1000/cmdline N/A N/A
File opened for reading /proc/1082/cmdline N/A N/A
File opened for reading /proc/1175/cmdline N/A N/A
File opened for reading /proc/1201/cmdline N/A N/A
File opened for reading /proc/1282/cmdline N/A N/A
File opened for reading /proc/1548/cmdline N/A N/A
File opened for reading /proc/1481/cmdline N/A N/A
File opened for reading /proc/9/cmdline N/A N/A
File opened for reading /proc/10/cmdline N/A N/A
File opened for reading /proc/84/cmdline N/A N/A
File opened for reading /proc/165/cmdline N/A N/A
File opened for reading /proc/659/cmdline N/A N/A
File opened for reading /proc/696/cmdline N/A N/A
File opened for reading /proc/1074/cmdline N/A N/A
File opened for reading /proc/1458/cmdline N/A N/A
File opened for reading /proc/3/cmdline N/A N/A
File opened for reading /proc/167/cmdline N/A N/A
File opened for reading /proc/175/cmdline N/A N/A
File opened for reading /proc/608/cmdline N/A N/A
File opened for reading /proc/1168/cmdline N/A N/A
File opened for reading /proc/1248/cmdline N/A N/A
File opened for reading /proc/83/cmdline N/A N/A
File opened for reading /proc/169/cmdline N/A N/A
File opened for reading /proc/425/cmdline N/A N/A
File opened for reading /proc/1159/cmdline N/A N/A
File opened for reading /proc/1550/cmdline N/A N/A

Processes

/tmp/ee6fd6964d20316ca5d4d90a04792d43.elf

[/tmp/ee6fd6964d20316ca5d4d90a04792d43.elf]

Network

Country Destination Domain Proto
US 8.8.8.8:53 net-killler.store udp
US 104.21.75.8:2023 net-killler.store tcp
US 151.101.194.49:443 tcp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 151.101.194.49:443 cdn.fwupd.org tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.17:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 104.21.75.8:2023 net-killler.store tcp
US 8.8.8.8:53 aomacamada.ddns.net udp
VN 203.145.46.240:2023 aomacamada.ddns.net tcp

Files

N/A