Analysis Overview
SHA256
98bbe9f9955cd1a311a032cabb0bf99f6b9a17968f6b02fdc667caca28998dc4
Threat Level: Known bad
The file 98bbe9f9955cd1a311a032cabb0bf99f6b9a17968f6b02fdc667caca28998dc4.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Mirai family
Modifies Watchdog functionality
Enumerates running processes
Writes file to system bin folder
UPX packed file
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 03:14
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 03:14
Reported
2024-11-09 03:17
Platform
ubuntu2404-amd64-20240729-en
Max time kernel
135s
Max time network
146s
Command Line
Signatures
Mirai
Mirai family
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/watchdog | /tmp/98bbe9f9955cd1a311a032cabb0bf99f6b9a17968f6b02fdc667caca28998dc4.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/98bbe9f9955cd1a311a032cabb0bf99f6b9a17968f6b02fdc667caca28998dc4.elf | N/A |
Enumerates running processes
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /sbin/watchdog | /tmp/98bbe9f9955cd1a311a032cabb0bf99f6b9a17968f6b02fdc667caca28998dc4.elf | N/A |
| File opened for modification | /bin/watchdog | /tmp/98bbe9f9955cd1a311a032cabb0bf99f6b9a17968f6b02fdc667caca28998dc4.elf | N/A |
Reads runtime system information
Processes
/tmp/98bbe9f9955cd1a311a032cabb0bf99f6b9a17968f6b02fdc667caca28998dc4.elf
[/tmp/98bbe9f9955cd1a311a032cabb0bf99f6b9a17968f6b02fdc667caca28998dc4.elf]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 157.173.118.27:3778 | tcp | |
| DE | 157.173.118.27:3778 | tcp |
Files
memory/2547-1-0x0000000000400000-0x0000000000614b00-memory.dmp