Analysis Overview
SHA256
5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0
Threat Level: Known bad
The file 5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Deletes itself
Modifies Watchdog functionality
Enumerates running processes
Writes file to system bin folder
Changes its process name
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-27 01:19
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-27 01:19
Reported
2024-06-27 01:22
Platform
debian12-armhf-20240221-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | /tmp/5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0.elf | N/A |
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /dev/watchdog | /tmp/5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0.elf | N/A |
Enumerates running processes
Writes file to system bin folder
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /sbin/watchdog | /tmp/5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0.elf | N/A |
| File opened for modification | /bin/watchdog | /tmp/5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0.elf | N/A |
Changes its process name
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Changes the process name, possibly in an attempt to hide itself | /bin/sh | /tmp/5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0.elf | N/A |
Reads runtime system information
Processes
/tmp/5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0.elf
[/tmp/5f2ac36fa105fc60d0d98a559a34ebbcde4a7198138bce3f58658d0508de24b0.elf]
Network
Identical rows are collapsed; the Count column gives how many times each row appeared in the original log, in order of first occurrence.

| Country | Destination | Domain | Proto | Count |
| --- | --- | --- | --- | --- |
| US | 8.8.8.8:53 | clients.kaitenc2.de | udp | 1 |
| NL | 45.90.13.207:59666 | clients.kaitenc2.de | tcp | 1 |
| US | 8.8.8.8:53 | clients.kaitenc2.de | udp | 1 |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-11 | udp | 4 |
| US | 8.8.8.8:53 | clients.kaitenc2.de | udp | 53 |
| NL | 45.90.13.207:7777 | clients.kaitenc2.de | tcp | 53 |

The last two rows alternate (one DNS lookup of clients.kaitenc2.de via 8.8.8.8:53, then one TCP connection to 45.90.13.207:7777) for 53 consecutive pairs.