Analysis Overview
score
10/10
SHA256
24ecc191f11be7b8ed2929acfbd71eabf107cafe915325bd4500eea55a2620f0
Threat Level: Known bad
The file na.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Modifies Watchdog functionality
Enumerates running processes
Writes file to system bin folder
UPX packed file
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-14 05:22
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-14 05:22
Reported
2024-10-14 05:24
Platform
debian9-mipsbe-20240729-en
Max time kernel
136s
Max time network
148s
Command Line
[/tmp/na.elf]
Signatures
Mirai
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/watchdog | /tmp/na.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/na.elf | N/A |
Enumerates running processes
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /sbin/watchdog | /tmp/na.elf | N/A |
| File opened for modification | /bin/watchdog | /tmp/na.elf | N/A |
Reads runtime system information
Processes
/tmp/na.elf
[/tmp/na.elf]
Network
| Country | Destination | Domain | Proto |
| DE | 45.131.65.138:3778 | | tcp |
| DE | 45.131.65.138:3778 | | tcp |
Files
memory/724-1-0x00400000-0x0043cffc-memory.dmp