Malware Analysis Report

2024-10-10 11:00

Sample ID 240715-17xpysvbrd
Target SecuriteInfo.com.Linux.Siggen.9999.21233.1569.elf
SHA256 44919525f41f820ddda6ca9544b06affe310d18850bc1cf6342f866319f742ea
Tags
upx mirai mirai botnet
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

44919525f41f820ddda6ca9544b06affe310d18850bc1cf6342f866319f742ea

Threat Level: Known bad

The file SecuriteInfo.com.Linux.Siggen.9999.21233.1569.elf was found to be: Known bad.

Malicious Activity Summary

upx mirai mirai botnet

Mirai

UPX packed file

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-15 22:18

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-15 22:18

Reported

2024-07-15 22:20

Platform

debian12-armhf-20240418-en

Max time kernel

0s

Max time network

146s

Command Line

[/tmp/SecuriteInfo.com.Linux.Siggen.9999.21233.1569.elf]

Signatures

Mirai

botnet mirai

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/exe /tmp/SecuriteInfo.com.Linux.Siggen.9999.21233.1569.elf N/A

Processes

/tmp/SecuriteInfo.com.Linux.Siggen.9999.21233.1569.elf

[/tmp/SecuriteInfo.com.Linux.Siggen.9999.21233.1569.elf]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-armhf-20240418-en-1 udp
US 1.1.1.1:53 debian12-armhf-20240418-en-1 udp
US 1.1.1.1:53 debian12-armhf-20240418-en-1 udp
US 1.1.1.1:53 debian12-armhf-20240418-en-1 udp
US 1.1.1.1:53 0.debian.pool.ntp.org udp

Files

memory/705-1-0x00008000-0x0002d424-memory.dmp