Analysis Overview
SHA256
62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e
Threat Level: Known bad
The file bc65b67b9d7b698cc14e918d061cc75f.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Modifies Watchdog functionality
Writes file to system bin folder
Enumerates running processes
UPX packed file
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-13 19:47
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-13 19:47
Reported
2024-10-13 19:49
Platform
ubuntu2204-amd64-20240729-en
Max time kernel
135s
Max time network
147s
Command Line
Signatures
Mirai
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /dev/misc/watchdog | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for modification | /dev/watchdog | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
Enumerates running processes
Writes file to system bin folder
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /bin/watchdog | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for modification | /sbin/watchdog | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/737/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/872/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1044/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1084/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/4/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/74/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/592/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1098/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/208/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/506/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/585/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/218/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/263/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/829/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1233/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/88/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/110/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1038/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1186/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1187/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1562/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/86/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1013/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/160/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/199/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/771/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1092/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1143/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/16/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/76/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/98/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/212/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/410/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/665/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/868/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1235/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/20/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/25/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/216/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/639/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/860/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1309/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1395/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1565/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/8/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/99/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/742/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1033/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1080/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1160/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1552/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/93/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/542/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/197/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/616/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1054/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1158/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1185/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/1563/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/17/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/119/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/633/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
| File opened for reading | /proc/747/status | /tmp/bc65b67b9d7b698cc14e918d061cc75f.elf | N/A |
Processes
/tmp/bc65b67b9d7b698cc14e918d061cc75f.elf
[/tmp/bc65b67b9d7b698cc14e918d061cc75f.elf]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| DE | 45.131.65.138:3778 | | tcp |
Files
memory/1565-1-0x0000000000400000-0x0000000000614b00-memory.dmp