Malware Analysis Report

2024-11-13 13:03

Sample ID 240423-jeng5see58
Target 78e8a29955243634a0999832b982c930.elf
SHA256 e5a84800f7626395f95d1773b35bcee30dccf6b3ecd43655190f059a33af5526
Tags
upx mirai mirai botnet
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e5a84800f7626395f95d1773b35bcee30dccf6b3ecd43655190f059a33af5526

Threat Level: Known bad

The file 78e8a29955243634a0999832b982c930.elf was found to be: Known bad.

Malicious Activity Summary

upx mirai mirai botnet

Mirai

UPX packed file

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-23 07:35

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-23 07:35

Reported

2024-04-23 07:37

Platform

debian12-mipsel-20240221-en

Max time kernel

2s

Max time network

19s

Command Line

[/tmp/78e8a29955243634a0999832b982c930.elf]

Signatures

Mirai

botnet mirai

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/exe /tmp/78e8a29955243634a0999832b982c930.elf N/A

Processes

/tmp/78e8a29955243634a0999832b982c930.elf

[/tmp/78e8a29955243634a0999832b982c930.elf]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-mipsel-20240221-en-0 udp
US 1.1.1.1:53 debian12-mipsel-20240221-en-0 udp
US 1.1.1.1:53 debian12-mipsel-20240221-en-0 udp
US 1.1.1.1:53 debian12-mipsel-20240221-en-0 udp

Files

memory/727-1-0x00400000-0x0046d798-memory.dmp