Analysis Overview
score
10/10
SHA256
4a1934d87decdfad56645d354bd208458619c8281f3bec5a161406811c3ed032
Threat Level: Known bad
The file b0b0f87e748ba4842aa5020739b4007c.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
UPX packed file
Deletes itself
Modifies Watchdog functionality
Changes its process name
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-21 18:26
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-21 18:26
Reported
2024-07-21 18:28
Platform
debian9-mipsbe-20240418-en
Max time kernel
149s
Max time network
150s
Command Line
[/tmp/b0b0f87e748ba4842aa5020739b4007c.elf]
Signatures
Mirai
Deletes itself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /dev/watchdog | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
Changes its process name
| Description | Indicator | Process | Target |
|---|---|---|---|
| Changes the process name, possibly in an attempt to hide itself | w7vhmg67bvvi | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/72/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/751/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/796/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/8/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/36/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/364/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/753/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/754/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/769/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/794/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/839/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/7/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/9/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/840/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/20/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/758/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/764/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/825/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/4/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/17/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/772/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/776/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/781/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/808/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/763/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/766/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/824/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/770/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/774/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/786/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/809/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/391/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/748/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/822/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/161/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/674/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/381/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/734/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/755/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/802/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/23/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/74/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/762/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/820/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/677/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/730/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/798/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/815/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/838/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/332/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/756/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/681/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/740/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/749/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/773/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/5/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/78/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/14/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/780/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/784/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/793/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/811/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/812/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
| File opened for reading | /proc/1/cmdline | /tmp/b0b0f87e748ba4842aa5020739b4007c.elf | N/A |
Processes
/tmp/b0b0f87e748ba4842aa5020739b4007c.elf
[/tmp/b0b0f87e748ba4842aa5020739b4007c.elf]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| NL | 91.92.241.118:18129 | | tcp |
Files
memory/735-1-0x00400000-0x0042d9e0-memory.dmp