Analysis Overview
SHA256
fe5588b0f78092776e450f18344c39fe4559b5130d2b946906790b2d37545022
Threat Level: Known bad
The file fe5588b0f78092776e450f18344c39fe4559b5130d2b946906790b2d37545022.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Mirai
Modifies Watchdog functionality
Writes file to system bin folder
UPX packed file
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 04:06
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 04:06
Reported
2024-11-09 04:09
Platform
debian12-mipsel-20240221-en
Max time kernel
150s
Max time network
10s
Command Line
Signatures
Mirai
Mirai family
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/watchdog | /tmp/fe5588b0f78092776e450f18344c39fe4559b5130d2b946906790b2d37545022.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/fe5588b0f78092776e450f18344c39fe4559b5130d2b946906790b2d37545022.elf | N/A |
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /sbin/watchdog | /tmp/fe5588b0f78092776e450f18344c39fe4559b5130d2b946906790b2d37545022.elf | N/A |
| File opened for modification | /bin/watchdog | /tmp/fe5588b0f78092776e450f18344c39fe4559b5130d2b946906790b2d37545022.elf | N/A |
Reads runtime system information
Processes
/tmp/fe5588b0f78092776e450f18344c39fe4559b5130d2b946906790b2d37545022.elf
[/tmp/fe5588b0f78092776e450f18344c39fe4559b5130d2b946906790b2d37545022.elf]
Network
| Country | Destination | Domain | Proto |
| GB | 37.230.62.25:3778 | tcp | |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-2 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-2 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-2 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-2 | udp |
Files
memory/740-1-0x00400000-0x00452a58-memory.dmp