Analysis Overview
score
10/10
SHA256
20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f
Threat Level: Known bad
The file 20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Changes its process name
Enumerates running processes
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-04-19 12:02
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-19 12:02
Reported
2024-04-19 12:04
Platform
debian9-armhf-20240226-en
Max time kernel
149s
Max time network
146s
Command Line
[/tmp/20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf]
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | a- M"! | /tmp/20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf | N/A |
Enumerates running processes
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/19/cmdline | N/A | N/A |
| File opened for reading | /proc/649/cmdline | N/A | N/A |
| File opened for reading | /proc/673/cmdline | N/A | N/A |
| File opened for reading | /proc/731/cmdline | N/A | N/A |
| File opened for reading | /proc/737/cmdline | N/A | N/A |
| File opened for reading | /proc/770/cmdline | N/A | N/A |
| File opened for reading | /proc/10/cmdline | N/A | N/A |
| File opened for reading | /proc/98/cmdline | N/A | N/A |
| File opened for reading | /proc/6/cmdline | N/A | N/A |
| File opened for reading | /proc/639/cmdline | N/A | N/A |
| File opened for reading | /proc/662/cmdline | N/A | N/A |
| File opened for reading | /proc/665/cmdline | N/A | N/A |
| File opened for reading | /proc/732/cmdline | N/A | N/A |
| File opened for reading | /proc/3/cmdline | N/A | N/A |
| File opened for reading | /proc/684/cmdline | N/A | N/A |
| File opened for reading | /proc/725/cmdline | N/A | N/A |
| File opened for reading | /proc/744/cmdline | N/A | N/A |
| File opened for reading | /proc/9/cmdline | N/A | N/A |
| File opened for reading | /proc/12/cmdline | N/A | N/A |
| File opened for reading | /proc/654/cmdline | N/A | N/A |
| File opened for reading | /proc/695/cmdline | N/A | N/A |
| File opened for reading | /proc/18/cmdline | N/A | N/A |
| File opened for reading | /proc/690/cmdline | N/A | N/A |
| File opened for reading | /proc/696/cmdline | N/A | N/A |
| File opened for reading | /proc/748/cmdline | N/A | N/A |
| File opened for reading | /proc/29/cmdline | N/A | N/A |
| File opened for reading | /proc/657/cmdline | N/A | N/A |
| File opened for reading | /proc/700/cmdline | N/A | N/A |
| File opened for reading | /proc/704/cmdline | N/A | N/A |
| File opened for reading | /proc/724/cmdline | N/A | N/A |
| File opened for reading | /proc/735/cmdline | N/A | N/A |
| File opened for reading | /proc/758/cmdline | N/A | N/A |
| File opened for reading | /proc/26/cmdline | N/A | N/A |
| File opened for reading | /proc/653/cmdline | N/A | N/A |
| File opened for reading | /proc/671/cmdline | N/A | N/A |
| File opened for reading | /proc/762/cmdline | N/A | N/A |
| File opened for reading | /proc/1/cmdline | N/A | N/A |
| File opened for reading | /proc/138/cmdline | N/A | N/A |
| File opened for reading | /proc/142/cmdline | N/A | N/A |
| File opened for reading | /proc/668/cmdline | N/A | N/A |
| File opened for reading | /proc/701/cmdline | N/A | N/A |
| File opened for reading | /proc/728/cmdline | N/A | N/A |
| File opened for reading | /proc/742/cmdline | N/A | N/A |
| File opened for reading | /proc/749/cmdline | N/A | N/A |
| File opened for reading | /proc/694/cmdline | N/A | N/A |
| File opened for reading | /proc/702/cmdline | N/A | N/A |
| File opened for reading | /proc/730/cmdline | N/A | N/A |
| File opened for reading | /proc/739/cmdline | N/A | N/A |
| File opened for reading | /proc/16/cmdline | N/A | N/A |
| File opened for reading | /proc/110/cmdline | N/A | N/A |
| File opened for reading | /proc/658/cmdline | N/A | N/A |
| File opened for reading | /proc/720/cmdline | N/A | N/A |
| File opened for reading | /proc/721/cmdline | N/A | N/A |
| File opened for reading | /proc/729/cmdline | N/A | N/A |
| File opened for reading | /proc/13/cmdline | N/A | N/A |
| File opened for reading | /proc/267/cmdline | N/A | N/A |
| File opened for reading | /proc/687/cmdline | N/A | N/A |
| File opened for reading | /proc/697/cmdline | N/A | N/A |
| File opened for reading | /proc/632/cmdline | N/A | N/A |
| File opened for reading | /proc/23/cmdline | N/A | N/A |
| File opened for reading | /proc/771/cmdline | N/A | N/A |
| File opened for reading | /proc/717/cmdline | N/A | N/A |
| File opened for reading | /proc/638/cmdline | N/A | N/A |
| File opened for reading | /proc/669/cmdline | N/A | N/A |
Processes
/tmp/20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf
[/tmp/20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
| US | 8.8.8.8:53 | bn.networkbn.click | udp |
| VN | 103.167.88.226:43957 | bn.networkbn.click | tcp |
Files
N/A