Malware Analysis Report

2025-06-15 19:37

Sample ID 240521-sf6jsahh67
Target dotnet.x86
SHA256 037cdd6b525ec7f5c3614e888eb6a93fb8c8d7568921c212ba0f9278ffd90c81
Tags mirai
Score 10/10

Analysis Overview

Score 10/10
SHA256 037cdd6b525ec7f5c3614e888eb6a93fb8c8d7568921c212ba0f9278ffd90c81

Threat Level: Known bad

The file dotnet.x86 was found to be: Known bad.

Malicious Activity Summary

mirai

Mirai family

Changes its process name

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-05-21 15:05

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-21 15:05
Reported 2024-05-21 15:07
Platform ubuntu2004-amd64-20240508-en
Max time kernel 143s
Max time network 150s

Command Line

[/tmp/dotnet.x86]

Signatures

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | N/A | /tmp/dotnet.x86 | N/A

Processes

/tmp/dotnet.x86

[/tmp/dotnet.x86]

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
NL | 85.192.40.113:61231 | | tcp
US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp
US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp
NL | 85.192.40.113:61231 | | tcp
NL | 85.192.40.113:61231 | | tcp

Files

N/A