Malware Analysis Report

2024-11-13 12:58

Sample ID 240501-xwg9cagd68
Target 8a1d5e59d69410415f89993ade70c0d2.elf
SHA256 230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61
Tags
upx mirai mirai botnet
score
10/10

Analysis Overview

score
10/10

SHA256

230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61

Threat Level: Known bad

The file 8a1d5e59d69410415f89993ade70c0d2.elf was found to be: Known bad.

Malicious Activity Summary

Mirai

UPX packed file

Changes its process name

Writes file to tmp directory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-01 19:12

Signatures

UPX packed file

upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-01 19:12

Reported

2024-05-01 19:14

Platform

ubuntu2004-amd64-20240221-en

Max time kernel

149s

Max time network

138s

Command Line

[/tmp/8a1d5e59d69410415f89993ade70c0d2.elf]

Signatures

Mirai

botnet mirai

UPX packed file

upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | a | /tmp/8a1d5e59d69410415f89993ade70c0d2.elf | N/A
Changes the process name, possibly in an attempt to hide itself | N/A | /tmp/8a1d5e59d69410415f89993ade70c0d2.elf | N/A

Writes file to tmp directory

Description | Indicator | Process | Target
File opened for modification | /tmp/tempoIlNAk | /tmp/8a1d5e59d69410415f89993ade70c0d2.elf | N/A

Processes

/tmp/8a1d5e59d69410415f89993ade70c0d2.elf

[/tmp/8a1d5e59d69410415f89993ade70c0d2.elf]

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
NL | 94.156.66.78:1337 | | tcp
US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp
NL | 94.156.66.78:1337 | | tcp
NL | 94.156.66.78:1337 | | tcp
NL | 94.156.66.78:1337 | | tcp
NL | 94.156.66.78:1337 | | tcp
US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp
NL | 94.156.66.78:1337 | | tcp

Files

/tmp/tempoIlNAk

MD5 8a1d5e59d69410415f89993ade70c0d2
SHA1 5ae1fea1f50ebc84f38b9ccebf71c8e04d5aadc5
SHA256 230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61
SHA512 8e486e4be37dfe14fc22bfd195a8d5323004872084a5e74dab9d7dd253d316f5fc3056271c0a7e37d5b779eb5ecb546e51332ef52f747798646078ebefea02e8

memory/1467-1-0x0000000008048000-0x0000000008057d08-memory.dmp