Malware Analysis Report

2025-08-05 09:46

Sample ID 240419-n7jf4sca8z
Target 20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf
SHA256 20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f
Tags mirai
Score 10/10

Analysis Overview

score
10/10

SHA256

20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f

Threat Level: Known bad

The file 20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf was found to be: Known bad.

Malicious Activity Summary

mirai

Mirai family

Changes its process name

Enumerates running processes

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-19 12:02

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-19 12:02

Reported

2024-04-19 12:04

Platform

debian9-armhf-20240226-en

Max time kernel

149s

Max time network

146s

Command Line

[/tmp/20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself a- M"! /tmp/20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf N/A

Enumerates running processes

Reads runtime system information


Processes

/tmp/20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf

[/tmp/20763f800034ce169e21e79d3cf9d11f61e86905ad8b0c516b354f9a3a2ac97f.elf]

Network

Country Destination Domain Proto
US 8.8.8.8:53 bn.networkbn.click udp
VN 103.167.88.226:43957 bn.networkbn.click tcp

Files

N/A