Analysis Overview
score
10/10
SHA256
d8e594bd21c8178a8f6ba983515b17692cf782c6bbb372b5fa2e2069b9a79b49
Threat Level: Known bad
The file 89f09e0abcab98e6a7653d7e133af65c.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Changes its process name
Enumerates running processes
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-04-19 09:33
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-19 09:33
Reported
2024-04-19 09:35
Platform
debian9-armhf-20240226-en
Max time kernel
149s
Max time network
144s
Command Line
[/tmp/89f09e0abcab98e6a7653d7e133af65c.elf]
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Changes the process name, possibly in an attempt to hide itself | a- M"! | /tmp/89f09e0abcab98e6a7653d7e133af65c.elf | N/A |
Enumerates running processes
Reads runtime system information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for reading | /proc/14/cmdline | N/A | N/A |
| File opened for reading | /proc/15/cmdline | N/A | N/A |
| File opened for reading | /proc/140/cmdline | N/A | N/A |
| File opened for reading | /proc/17/cmdline | N/A | N/A |
| File opened for reading | /proc/660/cmdline | N/A | N/A |
| File opened for reading | /proc/686/cmdline | N/A | N/A |
| File opened for reading | /proc/780/cmdline | N/A | N/A |
| File opened for reading | /proc/149/cmdline | N/A | N/A |
| File opened for reading | /proc/689/cmdline | N/A | N/A |
| File opened for reading | /proc/750/cmdline | N/A | N/A |
| File opened for reading | /proc/723/cmdline | N/A | N/A |
| File opened for reading | /proc/659/cmdline | N/A | N/A |
| File opened for reading | /proc/735/cmdline | N/A | N/A |
| File opened for reading | /proc/756/cmdline | N/A | N/A |
| File opened for reading | /proc/776/cmdline | N/A | N/A |
| File opened for reading | /proc/786/cmdline | N/A | N/A |
| File opened for reading | /proc/794/cmdline | N/A | N/A |
| File opened for reading | /proc/6/cmdline | N/A | N/A |
| File opened for reading | /proc/23/cmdline | N/A | N/A |
| File opened for reading | /proc/99/cmdline | N/A | N/A |
| File opened for reading | /proc/704/cmdline | N/A | N/A |
| File opened for reading | /proc/681/cmdline | N/A | N/A |
| File opened for reading | /proc/699/cmdline | N/A | N/A |
| File opened for reading | /proc/785/cmdline | N/A | N/A |
| File opened for reading | /proc/1/cmdline | N/A | N/A |
| File opened for reading | /proc/744/cmdline | N/A | N/A |
| File opened for reading | /proc/111/cmdline | N/A | N/A |
| File opened for reading | /proc/753/cmdline | N/A | N/A |
| File opened for reading | /proc/729/cmdline | N/A | N/A |
| File opened for reading | /proc/758/cmdline | N/A | N/A |
| File opened for reading | /proc/769/cmdline | N/A | N/A |
| File opened for reading | /proc/27/cmdline | N/A | N/A |
| File opened for reading | /proc/161/cmdline | N/A | N/A |
| File opened for reading | /proc/701/cmdline | N/A | N/A |
| File opened for reading | /proc/761/cmdline | N/A | N/A |
| File opened for reading | /proc/781/cmdline | N/A | N/A |
| File opened for reading | /proc/5/cmdline | N/A | N/A |
| File opened for reading | /proc/685/cmdline | N/A | N/A |
| File opened for reading | /proc/736/cmdline | N/A | N/A |
| File opened for reading | /proc/754/cmdline | N/A | N/A |
| File opened for reading | /proc/762/cmdline | N/A | N/A |
| File opened for reading | /proc/791/cmdline | N/A | N/A |
| File opened for reading | /proc/108/cmdline | N/A | N/A |
| File opened for reading | /proc/138/cmdline | N/A | N/A |
| File opened for reading | /proc/694/cmdline | N/A | N/A |
| File opened for reading | /proc/720/cmdline | N/A | N/A |
| File opened for reading | /proc/279/cmdline | N/A | N/A |
| File opened for reading | /proc/671/cmdline | N/A | N/A |
| File opened for reading | /proc/697/cmdline | N/A | N/A |
| File opened for reading | /proc/765/cmdline | N/A | N/A |
| File opened for reading | /proc/28/cmdline | N/A | N/A |
| File opened for reading | /proc/734/cmdline | N/A | N/A |
| File opened for reading | /proc/745/cmdline | N/A | N/A |
| File opened for reading | /proc/749/cmdline | N/A | N/A |
| File opened for reading | /proc/110/cmdline | N/A | N/A |
| File opened for reading | /proc/299/cmdline | N/A | N/A |
| File opened for reading | /proc/656/cmdline | N/A | N/A |
| File opened for reading | /proc/22/cmdline | N/A | N/A |
| File opened for reading | /proc/669/cmdline | N/A | N/A |
| File opened for reading | /proc/757/cmdline | N/A | N/A |
| File opened for reading | /proc/41/cmdline | N/A | N/A |
| File opened for reading | /proc/675/cmdline | N/A | N/A |
| File opened for reading | /proc/732/cmdline | N/A | N/A |
| File opened for reading | /proc/703/cmdline | N/A | N/A |
Processes
/tmp/89f09e0abcab98e6a7653d7e133af65c.elf
[/tmp/89f09e0abcab98e6a7653d7e133af65c.elf]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | proxy.heleh.vn | udp |
| VN | 103.174.73.85:29989 | proxy.heleh.vn | tcp |
Files
N/A