Malware Analysis Report

2024-11-13 13:04

Sample ID: 240502-bhr1qsce5w
Target: 230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61.elf
SHA256: 230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61
Tags: upx mirai mirai botnet
Score: 10/10


Analysis Overview

score
10/10

SHA256

230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61

Threat Level: Known bad

The file 230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61.elf was found to be: Known bad.

Malicious Activity Summary

upx mirai mirai botnet

Mirai

UPX packed file

Changes its process name

Writes file to tmp directory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-02 01:09

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-02 01:09

Reported

2024-05-02 01:11

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

149s

Max time network

140s

Command Line

[/tmp/230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61.elf]

Signatures

Mirai

botnet mirai

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | a | /tmp/230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61.elf | N/A
Changes the process name, possibly in an attempt to hide itself | N/A | /tmp/230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61.elf | N/A

Writes file to tmp directory

Description | Indicator | Process | Target
File opened for modification | /tmp/tempAdNfBJ | /tmp/230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61.elf | N/A

Processes

/tmp/230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61.elf

[/tmp/230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61.elf]

Network

Country | Destination | Domain | Proto
NL | 94.156.66.78:1337 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 185.125.188.61:443 | | tcp
GB | 185.125.188.61:443 | | tcp
GB | 195.181.164.20:443 | | tcp
US | 151.101.1.91:443 | | tcp
US | 151.101.2.49:443 | | tcp
NL | 94.156.66.78:1337 | | tcp
NL | 94.156.66.78:1337 | | tcp
NL | 94.156.66.78:1337 | | tcp
NL | 94.156.66.78:1337 | | tcp
NL | 94.156.66.78:1337 | | tcp

Files

/tmp/tempAdNfBJ

MD5: 8a1d5e59d69410415f89993ade70c0d2
SHA1: 5ae1fea1f50ebc84f38b9ccebf71c8e04d5aadc5
SHA256: 230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61
SHA512: 8e486e4be37dfe14fc22bfd195a8d5323004872084a5e74dab9d7dd253d316f5fc3056271c0a7e37d5b779eb5ecb546e51332ef52f747798646078ebefea02e8

memory/1527-1-0x0000000008048000-0x0000000008057d08-memory.dmp