Analysis Overview
Score: 10/10
SHA256: 682effde9a843d148b41ee802f86683c7b2c4310d6d2003b0dee381050e44633
Threat Level: Known bad
The file f90653583ae7efbf695d8ee63045b743.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Deletes itself
Modifies Watchdog functionality
UPX packed file
Changes its process name
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-21 18:26
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-21 18:26
Reported
2024-07-21 18:28
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
149s
Max time network
149s
Command Line
[/tmp/f90653583ae7efbf695d8ee63045b743.elf]
Signatures
Mirai
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/watchdog | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | N/A | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/7/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/15/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/28/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/465/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/542/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/557/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1082/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1164/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1499/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1501/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/452/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/955/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1150/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/173/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/439/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/464/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/632/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/665/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/25/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/169/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1122/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1222/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1509/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/82/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/429/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/944/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1290/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1299/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/467/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/598/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/689/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/965/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1270/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/697/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1148/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1326/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/442/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1232/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/89/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/98/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/518/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/661/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1256/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1257/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/4/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/6/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/17/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/29/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/31/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/115/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1126/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/646/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1025/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/18/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/84/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/160/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/164/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/171/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/449/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/463/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/1178/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/3/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/163/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
| File opened for reading | /proc/170/cmdline | /tmp/f90653583ae7efbf695d8ee63045b743.elf | N/A |
Processes
/tmp/f90653583ae7efbf695d8ee63045b743.elf
[/tmp/f90653583ae7efbf695d8ee63045b743.elf]
Network
| Country | Destination | Domain | Proto |
| NL | 91.92.241.118:18129 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.7:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 84.17.50.9:443 | 1527653184.rsc.cdn77.org | tcp |
Files
memory/1504-1-0x0000000008048000-0x000000000805b988-memory.dmp
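As an added example (not part of this report or of the sandbox's own tooling), the Python script below parses the behavioral signature rows and the Network table above, in the pipe-table layout this page uses, and turns them into a Mirai-style verdict. It looks for the four things an analyst reads out of this report: /dev/watchdog or /dev/misc/watchdog opened for modification (the Mirai source opens the watchdog device to disable it so the infected device is not rebooted while the bot runs), a sweep of /proc/<pid>/cmdline across many PIDs (the bot's "killer" enumerating competing processes), a runtime process-name change, and a plain-TCP connection to a high non-service port with no resolved domain. The PID threshold (min_pids = 8), the bucket names, and the treatment of port 53, 443 and 5353 traffic as sandbox background are the example's own assumptions, and the sample rows are a constructed subset of the tables on this page, not a second detonation.

```python
"""Triage of sandbox behavioral and network indicators for Mirai-style bot behaviour."""
import re
from dataclasses import dataclass, field

# Constructed input: a subset of the behavioral1 rows above, in the report's own
# pipe-table layout (Description | Indicator | Process | Target). The real report
# lists several dozen /proc rows; ten are enough to trip the sweep heuristic.
SAMPLE = "/tmp/f90653583ae7efbf695d8ee63045b743.elf"
HOST_TABLE = "\n".join(
    [
        f"| File opened for modification | /dev/watchdog | {SAMPLE} | N/A |",
        f"| File opened for modification | /dev/misc/watchdog | {SAMPLE} | N/A |",
        f"| Changes the process name, possibly in an attempt to hide itself | N/A | {SAMPLE} | N/A |",
    ]
    + [f"| File opened for reading | /proc/{pid}/cmdline | {SAMPLE} | N/A |"
       for pid in (7, 15, 28, 465, 542, 557, 1082, 1164, 1499, 1501)]
)

# Constructed input: the Network table (Country | Destination | Domain | Proto), with
# the Domain cell left empty where the report shows no resolved name.
NETWORK_TABLE = """\
| NL | 91.92.241.118:18129 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 84.17.50.9:443 | 1527653184.rsc.cdn77.org | tcp |
"""

# Watchdog device nodes a bot opens to disable the hardware reboot timer (assumed list).
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog", "/dev/watchdog0"}
# Accept both /proc/<pid>/cmdline and the slash-less form that text extraction produces.
PROC_CMDLINE = re.compile(r"^/proc/(\d+)/?cmdline$")


def parse_rows(table: str) -> list[list[str]]:
    """Split a pipe-delimited table body into lists of stripped cells, one list per row."""
    rows = []
    for line in table.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        rows.append([cell.strip() for cell in line.strip("|").split("|")])
    return rows


@dataclass
class HostFindings:
    watchdog_devices: list[str] = field(default_factory=list)
    cmdline_pids: list[int] = field(default_factory=list)
    process_name_change: bool = False

    def proc_sweep(self, min_pids: int = 8) -> bool:
        """Mirai's killer walks every /proc/<pid>/cmdline; benign tools rarely read that many."""
        return len(self.cmdline_pids) >= min_pids


def analyse_host(table: str) -> HostFindings:
    """Fold the behavioral rows into the three host-side Mirai indicators."""
    findings = HostFindings()
    for cells in parse_rows(table):
        if len(cells) < 2:
            continue
        desc, indicator = cells[0], cells[1]
        if desc == "File opened for modification" and indicator in WATCHDOG_DEVICES:
            findings.watchdog_devices.append(indicator)
        elif (m := PROC_CMDLINE.match(indicator)):
            findings.cmdline_pids.append(int(m.group(1)))
        elif desc.startswith("Changes the process name"):
            findings.process_name_change = True
    findings.cmdline_pids = sorted(set(findings.cmdline_pids))
    return findings


def classify_destination(dest: str, domain: str) -> str:
    """Bucket one destination; everything but 'unusual-port' is treated as sandbox background."""
    ip, _, port_text = dest.rpartition(":")
    port = int(port_text)
    if ip.startswith("224.") or port == 5353:
        return "multicast"  # mDNS chatter from the analysis VM itself
    if port == 53:
        return "dns"
    if port == 443:
        return "https-resolved" if domain else "https-unresolved"
    return "unusual-port"  # plain TCP to a non-service port with no name: follow up


def analyse_network(table: str) -> dict[str, list[str]]:
    """Group the Network table's destinations by the bucket classify_destination assigns."""
    buckets: dict[str, list[str]] = {}
    for cells in parse_rows(table):
        if len(cells) < 4:
            continue
        _country, dest, domain, _proto = cells[:4]
        buckets.setdefault(classify_destination(dest, domain), []).append(dest)
    return buckets


def verdict(host: HostFindings, net: dict[str, list[str]]) -> list[str]:
    """Human-readable reasons, one per indicator that fired."""
    reasons = []
    if host.watchdog_devices:
        reasons.append("watchdog tamper: " + ", ".join(host.watchdog_devices))
    if host.proc_sweep():
        reasons.append(f"/proc/<pid>/cmdline sweep over {len(host.cmdline_pids)} pids")
    if host.process_name_change:
        reasons.append("process name changed at runtime")
    for dest in net.get("unusual-port", []):
        reasons.append(f"follow up: {dest} (tcp, non-service port, no resolved name)")
    return reasons


if __name__ == "__main__":
    for reason in verdict(analyse_host(HOST_TABLE), analyse_network(NETWORK_TABLE)):
        print(reason)
```

The network classification is deliberately coarse: it only separates traffic that any Ubuntu sandbox image generates on its own (mDNS, DNS, HTTPS to CDN and update hosts) from the one destination in this report that fits none of those patterns, so the analyst knows where to start rather than being told what the host is.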