Analysis Overview
score
10/10
SHA256
87457bb32f84b446a8690c042959b89ed31f090d9fdabe3211e34bf14e6c21b6
Threat Level: Known bad
The file debug.dbg was found to be: Known bad.
Malicious Activity Summary
Mirai family
Enumerates running processes
Changes its process name
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-04-19 20:03
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-19 20:03
Reported
2024-04-19 20:04
Platform
ubuntu2004-amd64-20240221-en
Max time kernel
39s
Max time network
40s
Command Line
[/tmp/debug.dbg]
Signatures
Enumerates running processes
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | N/A | /tmp/debug.dbg | N/A |
Reads runtime system information
Processes
/tmp/debug.dbg
[/tmp/debug.dbg]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | net-killler.store | udp |
| US | 8.8.8.8:53 | net-killler.store | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | daisy.ubuntu.com | udp |
| US | 1.1.1.1:53 | daisy.ubuntu.com | udp |
| US | 1.1.1.1:53 | daisy.ubuntu.com | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.194.49:443 | cdn.fwupd.org | tcp |
| US | 151.101.194.49:443 | cdn.fwupd.org | tcp |
| US | 8.8.8.8:53 | net-killler.store | udp |
| US | 1.1.1.1:53 | _https._tcp.motd.ubuntu.com | udp |
| US | 1.1.1.1:53 | _https._tcp.esm.ubuntu.com | udp |
| US | 8.8.8.8:53 | net-killler.store | udp |
| US | 8.8.8.8:53 | net-killler.store | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
Files
N/A