Analysis Overview
score
10/10
SHA256
30740993a23d70da2be1f3a488a7964557d2087a95a1dff7c6c0bb73137865ad
Threat Level: Known bad
The file SecuriteInfo.com.Linux.Siggen.9999.8878.19249.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
UPX packed file
Enumerates running processes
Changes its process name
Reads runtime system information
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-07-03 20:28
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-03 20:28
Reported
2024-07-03 20:30
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
36s
Max time network
39s
Command Line
[/tmp/SecuriteInfo.com.Linux.Siggen.9999.8878.19249.elf]
Signatures
Mirai
Enumerates running processes
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | a | /tmp/SecuriteInfo.com.Linux.Siggen.9999.8878.19249.elf | N/A |
Reads runtime system information
Processes
/tmp/SecuriteInfo.com.Linux.Siggen.9999.8878.19249.elf
[/tmp/SecuriteInfo.com.Linux.Siggen.9999.8878.19249.elf]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 91.92.242.155:55301 | tcp | |
| NL | 91.92.242.155:55301 | tcp | |
| NL | 91.92.242.155:55301 | tcp | |
| NL | 91.92.242.155:55301 | tcp | |
| NL | 91.92.242.155:55301 | tcp | |
| NL | 91.92.242.155:55301 | tcp | |
| NL | 91.92.242.155:55301 | tcp | |
| NL | 91.92.242.155:55301 | tcp | |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 91.189.91.82:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.165:80 | se.archive.ubuntu.com | tcp |
| NL | 91.92.242.155:55301 | tcp |
Files
memory/2448-1-0x0000000000400000-0x0000000000508a48-memory.dmp