Analysis Overview
score
10/10
SHA256
0e522a4e196ddaf33ce74f7ff55a14711f00a249f413de0e4d0a8cd17e8058cb
Threat Level: Known bad
The file 0ffd6d09e8af81175747c1830ae43f68.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Deletes itself
Modifies Watchdog functionality
UPX packed file
Changes its process name
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-21 18:26
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-21 18:26
Reported
2024-07-21 18:28
Platform
debian9-mipsel-20240611-en
Max time kernel
133s
Max time network
150s
Command Line
[/tmp/0ffd6d09e8af81175747c1830ae43f68.elf]
Signatures
Mirai
Deletes itself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /dev/watchdog | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
Changes its process name
| Description | Indicator | Process | Target |
|---|---|---|---|
| Changes the process name, possibly in an attempt to hide itself | 6shue7wcf78aumnm6gsb23av8gvj | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/804/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/37/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/78/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/144/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/733/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/790/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/786/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/702/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/716/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/719/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/744/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/764/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/150/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/367/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/761/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/18/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/670/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/782/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/788/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/805/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/729/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/739/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/740/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/71/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/165/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/225/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/713/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/727/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/762/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/765/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/778/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/789/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/13/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/36/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/331/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/726/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/796/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/802/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/809/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/14/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/704/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/746/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/747/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/784/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/751/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/752/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/19/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/20/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/75/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/329/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/665/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/16/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/678/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/694/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/728/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/738/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/3/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/24/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/712/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/718/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/756/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/9/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/10/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
| File opened for reading | /proc/792/cmdline | /tmp/0ffd6d09e8af81175747c1830ae43f68.elf | N/A |
Processes
/tmp/0ffd6d09e8af81175747c1830ae43f68.elf
[/tmp/0ffd6d09e8af81175747c1830ae43f68.elf]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| NL | 91.92.241.118:18129 | | tcp |
Files
memory/700-1-0x00400000-0x0042dbe0-memory.dmp