Analysis Overview
score
10/10
SHA256
9a01f605497a1a40e7afbd45817f0766cbe4f933003336c5da3b44d9e36a8025
Threat Level: Known bad
The file d308611c459eb18bd3d7391f76beba1d.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Modifies Watchdog functionality
UPX packed file
Deletes itself
Changes its process name
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-22 00:06
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-22 00:06
Reported
2024-07-22 00:08
Platform
debian12-mipsel-20240221-en
Max time kernel
154s
Max time network
166s
Command Line
[/tmp/d308611c459eb18bd3d7391f76beba1d.elf]
Signatures
Mirai
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /dev/watchdog | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
Changes its process name
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Changes the process name, possibly in an attempt to hide itself | r56gnkohsgnsrgwpwodh | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for reading | /proc/787cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/15cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/731cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/58cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/751cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/768cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/1cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/9cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/33cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/114cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/17cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/24cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/42cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/119cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/12cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/37cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/411cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/758cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/3cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/138cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/770cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/786cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/19cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/35cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/656cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/404cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/705cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/757cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/29cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/387cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/20cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/111cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/710cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/783cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/4cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/5cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/334cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/734cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/14cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/27cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/775cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/8cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/742cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/769cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/23cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/110cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/746cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/755cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/763cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/772cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/774cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/7cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/181cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/388cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/748cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/765cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/32cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/48cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/780cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/28cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/325cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/116cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/11cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
| File opened for reading | /proc/59cmdline | /tmp/d308611c459eb18bd3d7391f76beba1d.elf | N/A |
Processes
/tmp/d308611c459eb18bd3d7391f76beba1d.elf
[/tmp/d308611c459eb18bd3d7391f76beba1d.elf]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 162.33.179.3:18129 | | tcp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-5 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-5 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-5 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-5 | udp |
Files
memory/740-1-0x00400000-0x00458ce0-memory.dmp