Malware Analysis Report

2025-06-15 23:21

Sample ID 241014-bv5glazajj
Target 62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf
SHA256 62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e
Tags
upx mirai lzrd botnet defense_evasion discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e

Threat Level: Known bad

The file 62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf was found to be: Known bad.

Malicious Activity Summary

upx mirai lzrd botnet defense_evasion discovery

Mirai

Modifies Watchdog functionality

Enumerates running processes

Writes file to system bin folder

UPX packed file

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-14 01:28

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
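A minimal static triage pass for a sample like this one, as an added example (not part of the report or of the sandbox's own tooling): it confirms that the file hashes to its own name, reads the ELF class, endianness and machine from the header, and scans for the UPX! marker that the packer leaves in the loader stub and in the trailing PackHeader. SAMPLE is a constructed byte string standing in for the real file, which is not reproduced here; the function names and the E_MACHINE table are this example's own.

```python
"""Static triage for a suspected UPX-packed ELF sample.

Added example (not part of the sandbox report or any Tria.ge tooling). SAMPLE is
a constructed 108-byte stand-in for the real file, which is not reproduced here;
run triage() on the real bytes instead.
"""
from __future__ import annotations

import hashlib
import struct

ELF_MAGIC = b"\x7fELF"
UPX_MAGIC = b"UPX!"
EI_NIDENT = 16
E_MACHINE = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}


def elf_header(data: bytes) -> dict:
    """Decode e_ident plus e_type/e_machine; raises if the buffer is not an ELF."""
    if data[:4] != ELF_MAGIC or len(data) < EI_NIDENT + 4:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", data, EI_NIDENT)
    return {
        "class": {1: "ELF32", 2: "ELF64"}.get(ei_class, f"unknown({ei_class})"),
        "endian": {1: "little", 2: "big"}.get(ei_data, f"unknown({ei_data})"),
        "type": {1: "REL", 2: "EXEC", 3: "DYN"}.get(e_type, f"unknown({e_type})"),
        "machine": E_MACHINE.get(e_machine, f"unknown(0x{e_machine:x})"),
    }


def upx_marker_offsets(data: bytes) -> list[int]:
    """Every offset of the 'UPX!' marker. A stock UPX ELF carries it in the
    l_info block near the stub and again in the PackHeader at end of file."""
    offsets, i = [], data.find(UPX_MAGIC)
    while i != -1:
        offsets.append(i)
        i = data.find(UPX_MAGIC, i + 1)
    return offsets


def triage(data: bytes, expected_sha256: str | None = None) -> dict:
    """Hash, header and packer summary for one sample."""
    sha256 = hashlib.sha256(data).hexdigest()
    result = {"sha256": sha256, **elf_header(data)}
    # Samples named by hash (as here) should hash to their own name; a mismatch
    # means the wrong file, or a file altered after submission.
    result["sha256_matches_name"] = (
        expected_sha256 is None or sha256 == expected_sha256.lower()
    )
    offsets = upx_marker_offsets(data)
    result["upx_marker_offsets"] = offsets
    result["upx_packed"] = bool(offsets)
    return result


# Constructed stand-in: a minimal ELF64/x86-64 EXEC header followed by two
# "UPX!" markers at the positions the packer would leave them (stub and trailer).
SAMPLE = (
    b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # e_ident: ELF64, little-endian, v1
    + struct.pack("<HH", 2, 0x3E)                   # e_type=EXEC, e_machine=x86-64
    + b"\x00" * 44                                  # remainder of Elf64_Ehdr, unused here
    + UPX_MAGIC + b"\x0d\x0c\x0a\x00"               # l_info-style marker (offset 64)
    + b"\x00" * 32
    + UPX_MAGIC                                     # PackHeader marker (offset 104)
)
SAMPLE_SHA256 = hashlib.sha256(SAMPLE).hexdigest()

if __name__ == "__main__":
    for k, v in triage(SAMPLE, SAMPLE_SHA256).items():
        print(f"{k}: {v}")
```

Run triage() on the real file bytes with the SHA256 from the report's Target line. UPX packing is not malicious in itself; its weight here is that Mirai-family bots are routinely shipped UPX-packed, frequently with the UPX! marker overwritten so that stock upx -d refuses the file. If the scan returns no offsets but the entry stub still looks like UPX, unpack from the memory dump listed under Files rather than from the file on disk.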

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-14 01:28

Reported

2024-10-14 01:31

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

135s

Max time network

146s

Command Line

[/tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf]

Signatures

Mirai

botnet mirai

Modifies Watchdog functionality

defense_evasion
Description Indicator Process Target
File opened for modification /dev/watchdog /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for modification /dev/misc/watchdog /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A

Opening the hardware watchdog device with write access is the standard Mirai step of disabling the watchdog (WDIOC_SETOPTIONS with WDIOS_DISABLECARD in the leaked source) so that the device is not rebooted if the bot hangs it; a reboot would clear the memory-resident payload, which is why this is classed as defense evasion.

Enumerates running processes

No separate indicator table is attached to this signature; the per-PID /proc/<pid>/status reads listed under "Reads runtime system information" below are the underlying evidence, and the PIDs are specific to this sandbox run.

Writes file to system bin folder

Description Indicator Process Target
File opened for modification /sbin/watchdog /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for modification /bin/watchdog /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A

Caveat: both indicators are write-access opens of watchdog binaries, the same paths a watchdog-disabling routine probes alongside /dev/watchdog and /dev/misc/watchdog, and the Files section lists no dropped or modified file. Treat this signature as part of the watchdog tampering rather than as evidence that the sample wrote anything to /sbin or /bin.

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/7/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/98/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/206/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1281/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/164/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/445/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/650/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1089/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/115/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/168/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1138/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1176/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1271/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1505/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/83/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/167/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/460/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/489/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1188/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1321/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/89/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/174/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/439/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/561/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1165/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1253/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/29/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/78/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/166/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/416/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/441/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/956/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1156/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1508/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/3/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/22/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/170/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/180/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1085/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1183/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/8/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/35/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/463/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/686/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/165/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/945/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/961/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1117/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/13/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/16/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/36/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/498/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1130/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1164/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1187/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1230/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/79/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/82/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/161/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/448/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/169/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/244/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/1350/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A
File opened for reading /proc/4/status /tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf N/A

Processes

/tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf

[/tmp/62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e.elf]

Network

Country Destination Domain Proto
DE 45.131.65.138:3778 tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
US 151.101.129.91:443 tcp
GB 89.187.167.5:443 tcp
DE 45.131.65.138:3778 tcp

No domain was resolved for any row (the Domain column is empty throughout). 224.0.0.251:5353/udp is mDNS multicast. The 443/tcp destinations are not tied to any DNS lookup in this report and should be compared with the ubuntu1804 image's baseline traffic before being attributed to the sample. That leaves 45.131.65.138:3778/tcp, contacted twice on a non-standard port, as the one destination this report attributes to the sample with reasonable confidence.

Files

memory/1511-1-0x0000000000400000-0x0000000000614b00-memory.dmp

The only artifact is a dump of PID 1511's image at 0x400000-0x614b00, taken while the process was running, so it should hold the payload after the UPX stub has unpacked it. No dropped or modified file on disk is listed.
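Triage of the behavioral1 signature tables, the Network table and the Files section above, as an added example (not part of the report or of the sandbox). The INDICATORS and NETWORK rows are copied from the report, with the long /proc list cut to four entries; the ioctl constant is rebuilt from the kernel's _IOR encoding so it can be checked rather than trusted; the function names, the auditd rules and the 443/multicast filter are this example's own choices.

```python
"""Triage of the behavioral1 indicators, Network and Files sections above.

Added example, not part of the sandbox report. INDICATORS and NETWORK are copied
from the report (the /proc list is cut to four entries); the function names,
the auditd rules and the 443/multicast filter are this example's own.
"""
from __future__ import annotations

import re
from collections import Counter


def ioctl_request(direction: int, type_char: str, nr: int, size: int) -> int:
    """Linux asm-generic ioctl encoding: dir<<30 | size<<16 | type<<8 | nr."""
    return (direction << 30) | (size << 16) | (ord(type_char) << 8) | nr


IOC_READ = 2
# _IOR('W', 4, int): the request the leaked Mirai source sends to the watchdog
# fd as the literal 0x80045704, with *arg = WDIOS_DISABLECARD.
WDIOC_SETOPTIONS = ioctl_request(IOC_READ, "W", 4, 4)
WDIOS_DISABLECARD = 0x0001

WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog"}
WATCHDOG_USERLAND = {"/sbin/watchdog", "/bin/watchdog"}
PROC_STATUS = re.compile(r"^/proc/(\d+)/status$")

INDICATORS = [  # (access, path) from the signature tables
    ("modification", "/dev/watchdog"),
    ("modification", "/dev/misc/watchdog"),
    ("modification", "/sbin/watchdog"),
    ("modification", "/bin/watchdog"),
    ("reading", "/proc/7/status"),
    ("reading", "/proc/98/status"),
    ("reading", "/proc/206/status"),
    ("reading", "/proc/1281/status"),
]
DROPPED_FILES: list[str] = []  # Files section lists a memory dump only, no new file
NETWORK = [  # (country, destination, proto) from the Network table
    ("DE", "45.131.65.138:3778", "tcp"),
    ("N/A", "224.0.0.251:5353", "udp"),
    ("GB", "185.125.188.61:443", "tcp"),
    ("GB", "185.125.188.62:443", "tcp"),
    ("US", "151.101.129.91:443", "tcp"),
    ("US", "151.101.129.91:443", "tcp"),
    ("GB", "89.187.167.5:443", "tcp"),
    ("DE", "45.131.65.138:3778", "tcp"),
]


def classify(indicators, dropped_files) -> dict:
    """Bucket file-open indicators into the behaviours the report tags."""
    f = {"watchdog_device": [], "watchdog_userland": [], "proc_pids": [], "other": []}
    for access, path in indicators:
        m = PROC_STATUS.match(path)
        if path in WATCHDOG_DEVICES:
            f["watchdog_device"].append(path)
        elif path in WATCHDOG_USERLAND:
            f["watchdog_userland"].append(path)
        elif m:
            f["proc_pids"].append(int(m.group(1)))
        else:
            f["other"].append((access, path))
    f["watchdog_tamper"] = bool(f["watchdog_device"])
    f["process_enumeration"] = len(f["proc_pids"]) >= 3
    # "Writes file to system bin folder" fires on write-access opens of /sbin and
    # /bin paths; without a dropped or modified file it is not evidence of a write.
    f["bin_write_confirmed"] = any(p in dropped_files for p in f["watchdog_userland"])
    return f


def is_multicast(ip: str) -> bool:
    return 224 <= int(ip.split(".")[0]) <= 239


def unexplained_destinations(rows) -> dict[str, int]:
    """Count destinations that are neither multicast (mDNS) nor 443/tcp.
    The 443 filter is this example's heuristic for sandbox background traffic;
    confirm against the image's baseline pcap before relying on it."""
    c: Counter[str] = Counter()
    for _, dest, proto in rows:
        ip, port = dest.rsplit(":", 1)
        if is_multicast(ip) or (proto == "tcp" and port == "443"):
            continue
        c[dest] += 1
    return dict(c)


def auditd_rules() -> list[str]:
    """Host rules (this example's own) that would log the watchdog tampering."""
    paths = sorted(WATCHDOG_DEVICES | WATCHDOG_USERLAND)
    rules = [f"-w {p} -p wa -k watchdog_tamper" for p in paths]
    rules.append(
        f"-a always,exit -F arch=b64 -S ioctl -F a1=0x{WDIOC_SETOPTIONS:x}"
        " -k watchdog_tamper"
    )
    return rules


if __name__ == "__main__":
    print(classify(INDICATORS, DROPPED_FILES))
    print(unexplained_destinations(NETWORK))
    print("\n".join(auditd_rules()))
```

The classifier reproduces the report's three behavioural findings from the raw indicators and marks the "bin folder write" as unconfirmed because nothing under Files backs it. The auditd rules are a starting point for a Linux host or gateway: the path watches catch the open() calls seen here, and the ioctl rule keys on the request number, so it also fires when a variant reaches the watchdog through a path the watch list does not cover. Load them with auditctl and confirm with auditctl -l before trusting them in production.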