Malware Analysis Report

2025-08-06 00:32

Sample ID 240419-ljq5yadh34
Target ea43929d4909e3e587276556a147b594.elf
SHA256 51ec23564f60188b7a2d834d6a3438bbd104e6ebc931036fa70013be854b46ee
Tags
mirai
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

51ec23564f60188b7a2d834d6a3438bbd104e6ebc931036fa70013be854b46ee

Threat Level: Known bad

The file ea43929d4909e3e587276556a147b594.elf was found to be: Known bad.

Malicious Activity Summary

mirai

Mirai family

Changes its process name

Enumerates running processes

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-19 09:34

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-19 09:34

Reported

2024-04-19 09:36

Platform

ubuntu2004-amd64-20240221-en

Max time kernel

149s

Max time network

148s

Command Line

[/tmp/ea43929d4909e3e587276556a147b594.elf]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself a- M"! /tmp/ea43929d4909e3e587276556a147b594.elf N/A

Enumerates running processes

Reads runtime system information


Processes

/tmp/ea43929d4909e3e587276556a147b594.elf

[/tmp/ea43929d4909e3e587276556a147b594.elf]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 proxy.heleh.vn udp
VN 103.174.73.85:29989 proxy.heleh.vn tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 _https._tcp.deb.nodesource.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.nl.archive.ubuntu.com udp
US 151.101.2.49:443 cdn.fwupd.org tcp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 nl.archive.ubuntu.com udp
GB 185.125.190.39:80 security.ubuntu.com tcp
NL 213.136.12.213:80 nl.archive.ubuntu.com tcp
GB 185.125.190.36:80 security.ubuntu.com tcp
US 1.1.1.1:53 _https._tcp.motd.ubuntu.com udp
US 1.1.1.1:53 motd.ubuntu.com udp
IE 54.171.230.55:443 motd.ubuntu.com tcp
US 1.1.1.1:53 _https._tcp.esm.ubuntu.com udp
US 1.1.1.1:53 esm.ubuntu.com udp
GB 185.125.190.75:443 esm.ubuntu.com tcp
IE 34.254.182.186:443 motd.ubuntu.com tcp
US 1.1.1.1:53 deb.nodesource.com udp
US 104.22.5.26:443 deb.nodesource.com tcp
US 91.189.91.83:80 security.ubuntu.com tcp

Files

N/A