Analysis Overview
Score: 10/10
SHA256: 99837b4e5d6d2431a09ccdd98eda8f1cd78080a6bd8b9c7300f9210ba463257e
Threat Level: Known bad
The file main_mips.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Mirai family
Deletes itself
UPX packed file
Changes its process name
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 17:07
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 17:07
Reported: 2024-11-09 17:09
Platform: debian9-mipsbe-20240611-en
Max time kernel: 150s
Max time network: 155s
Command Line: [/tmp/main_mips.elf]
Signatures
Mirai
Mirai family
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/main_mips.elf | N/A |
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | httpd | /tmp/main_mips.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/exe | /tmp/main_mips.elf | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/main_mips.elf | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/main_mips.elf | /tmp/main_mips.elf | N/A |
Processes
/tmp/main_mips.elf
[/tmp/main_mips.elf]
Network
| Country | Destination | Domain | Proto |
| DE | 185.78.76.132:1995 | | tcp |
Files
memory/697-1-0x00400000-0x00473cb0-memory.dmp