Malware Analysis Report

2025-06-15 23:21

Sample ID 241013-yhjexsveje
Target bc65b67b9d7b698cc14e918d061cc75f.elf
SHA256 62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e
Tags
upx mirai lzrd botnet defense_evasion discovery
score
10/10

Analysis Overview

Threat Level: Known bad

The file bc65b67b9d7b698cc14e918d061cc75f.elf was found to be: Known bad.

Malicious Activity Summary

upx mirai lzrd botnet defense_evasion discovery

Mirai

Modifies Watchdog functionality

Writes file to system bin folder

Enumerates running processes

UPX packed file

Reads runtime system information

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-10-13 19:47

Signatures

UPX packed file

upx

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-13 19:47

Reported

2024-10-13 19:49

Platform

ubuntu2204-amd64-20240729-en

Max time kernel

135s

Max time network

147s

Command Line

[/tmp/bc65b67b9d7b698cc14e918d061cc75f.elf]

Signatures

Mirai

botnet mirai

Modifies Watchdog functionality

defense_evasion
Description Indicator Process Target
File opened for modification /dev/misc/watchdog /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf N/A
File opened for modification /dev/watchdog /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf N/A

Enumerates running processes

Writes file to system bin folder

Description Indicator Process Target
File opened for modification /bin/watchdog /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf N/A
File opened for modification /sbin/watchdog /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf N/A

Reads runtime system information

discovery

Processes

/tmp/bc65b67b9d7b698cc14e918d061cc75f.elf

[/tmp/bc65b67b9d7b698cc14e918d061cc75f.elf]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
DE 45.131.65.138:3778 tcp
DE 45.131.65.138:3778 tcp

Files

memory/1565-1-0x0000000000400000-0x0000000000614b00-memory.dmp