Analysis Overview
SHA256
ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f
Threat Level: Known bad
The file ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Deletes itself
Modifies Watchdog functionality
Enumerates active TCP sockets
Enumerates running processes
Changes its process name
Reads system network configuration
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-03 02:35
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-03 02:35
Reported
2024-07-03 02:37
Platform
ubuntu2204-amd64-20240522.1-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /tmp/ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f.elf | N/A |
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /dev/watchdog | /tmp/ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f.elf | N/A |
Enumerates active TCP sockets
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/net/tcp | /tmp/ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f.elf | N/A |
Enumerates running processes
Changes its process name
| Description | Indicator | Process | Target |
|---|---|---|---|
| Changes the process name, possibly in an attempt to hide itself | N/A | /tmp/ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f.elf | N/A |
Reads system network configuration
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/net/tcp | /tmp/ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f.elf | N/A |
Reads runtime system information
Processes
/tmp/ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f.elf
[/tmp/ca66e7e3b88774b516cdb586873f168b21ef248db92a3497201669cbd801d28f.elf]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |
| US | 65.222.202.53:80 | N/A | tcp |