Malware Analysis Report

2024-12-07 13:05

Sample ID: 241109-zy79na1pcv
Target: debug.dbg
SHA256: ce736f242eed056d20a739d7334e9d58a8f24de18f10fc8546a573afc98cdff4
Tags: mirai discovery rootkit
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: ce736f242eed056d20a739d7334e9d58a8f24de18f10fc8546a573afc98cdff4

Threat Level: Known bad

The file debug.dbg was found to be: Known bad.

Malicious Activity Summary

mirai discovery rootkit

Mirai family

Contacts a large (514) amount of remote hosts

Loads a kernel module

Writes file to system bin folder

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-09 21:08

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 21:08

Reported: 2024-11-09 21:08

Platform: ubuntu2404-amd64-20240523-en

Max time kernel: 1s

Max time network: 4s

Command Line

[/tmp/debug.dbg]

Signatures

Contacts a large (514) amount of remote hosts

discovery

Loads a kernel module

rootkit
Description Indicator Process Target
N/A N/A /tmp/debug.dbg N/A
N/A N/A /tmp/debug.dbg N/A

Writes file to system bin folder

Description Indicator Process Target
File opened for modification /bin/busybox /tmp/debug.dbg N/A

Processes

/tmp/debug.dbg

[/tmp/debug.dbg]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 net.tiktoka.cc udp
KE 197.248.232.108:37215 tcp
ZA 41.144.77.25:37215 tcp
TH 202.143.139.25:37215 tcp
CN 111.199.173.8:37215 tcp
ZA 41.246.173.137:37215 tcp
US 52.118.211.216:37215 tcp
EG 41.239.11.123:37215 tcp
US 157.198.192.116:37215 tcp
ZA 197.221.14.27:37215 tcp
ZA 41.202.36.14:37215 tcp
ZA 197.74.93.97:37215 tcp
BR 187.3.253.218:37215 tcp
MU 197.225.53.250:37215 tcp
US 140.200.109.0:37215 tcp
EG 197.123.89.19:37215 tcp
US 65.191.127.24:37215 tcp
US 157.98.133.126:37215 tcp
US 206.52.45.186:37215 tcp
TW 120.112.203.43:37215 tcp
IS 157.157.17.3:37215 tcp
TN 197.4.255.140:37215 tcp
US 157.145.133.115:37215 tcp
EG 41.35.194.236:37215 tcp
IT 157.28.137.182:37215 tcp
CN 157.255.53.238:37215 tcp
US 157.165.87.172:37215 tcp
CN 110.155.95.136:37215 tcp
US 157.216.24.85:37215 tcp
ZA 197.172.61.233:37215 tcp
JP 124.215.153.90:37215 tcp
LY 41.208.116.37:37215 tcp
IN 157.32.60.74:37215 tcp
IT 157.29.0.1:37215 tcp
ZA 197.168.102.216:37215 tcp
ZA 41.61.221.179:37215 tcp
US 157.226.96.25:37215 tcp
EG 197.60.231.24:37215 tcp
EG 41.128.177.65:37215 tcp
ML 41.73.98.155:37215 tcp
US 157.178.1.74:37215 tcp
US 157.150.231.252:37215 tcp
CA 157.244.178.151:37215 tcp
US 99.165.51.141:37215 tcp
US 157.254.142.134:37215 tcp
TZ 197.186.180.202:37215 tcp
ZA 41.160.225.18:37215 tcp
US 157.207.115.9:37215 tcp
SG 20.198.166.196:37215 tcp
IN 157.40.157.101:37215 tcp
KR 163.171.78.142:37215 tcp
IN 157.35.11.240:37215 tcp
MA 197.253.210.118:37215 tcp
ZA 41.4.253.222:37215 tcp
ZA 197.239.161.217:37215 tcp
US 75.17.30.14:37215 tcp
ZA 197.96.194.185:37215 tcp
MZ 197.158.2.154:37215 tcp
ZA 41.21.160.176:37215 tcp
US 148.34.3.71:37215 tcp
NG 41.58.63.185:37215 tcp
MU 197.225.64.207:37215 tcp
EG 197.62.181.231:37215 tcp
US 132.250.211.49:37215 tcp
ID 157.15.160.27:37215 tcp
HK 162.245.221.12:56999 net.tiktoka.cc tcp
US 157.126.89.24:37215 tcp
EG 197.54.210.173:37215 tcp
DE 79.252.79.205:37215 tcp
US 139.140.222.254:37215 tcp
US 67.179.93.242:37215 tcp
GH 41.210.21.168:37215 tcp
US 34.226.60.85:37215 tcp
US 17.100.151.201:37215 tcp
CN 182.157.194.200:37215 tcp
ZW 41.167.37.101:37215 tcp
ZA 41.118.84.142:37215 tcp
US 64.136.147.162:37215 tcp
ZA 41.180.83.65:37215 tcp
US 157.56.60.23:37215 tcp
JP 163.221.221.226:37215 tcp
EG 197.161.38.92:37215 tcp
ZA 197.72.61.73:37215 tcp
FR 109.29.34.181:37215 tcp
EG 197.198.19.195:37215 tcp
SL 197.215.102.180:37215 tcp
SE 157.180.246.37:37215 tcp
ZA 41.173.149.178:37215 tcp
NG 197.210.221.141:37215 tcp
CH 157.161.191.218:37215 tcp
IE 34.250.186.28:37215 tcp
IN 157.39.78.198:37215 tcp
AE 94.57.31.217:37215 tcp
KE 41.215.46.118:37215 tcp
GE 92.54.195.31:37215 tcp
SD 41.67.4.252:37215 tcp
KR 115.3.30.198:37215 tcp
MW 41.75.118.49:37215 tcp
CI 41.209.172.247:37215 tcp
EG 41.178.20.44:37215 tcp
ZA 41.53.52.82:37215 tcp
US 19.240.246.168:37215 tcp
US 169.171.143.169:37215 tcp
US 157.89.242.8:37215 tcp
US 157.222.7.92:37215 tcp
JP 157.103.66.87:37215 tcp
US 157.235.26.71:37215 tcp
KE 197.181.94.188:37215 tcp
LY 41.253.173.126:37215 tcp
EG 197.222.27.167:37215 tcp
ZA 41.56.82.61:37215 tcp
US 157.235.130.186:37215 tcp
GH 41.189.180.57:37215 tcp
US 157.232.100.3:37215 tcp
JP 157.117.106.45:37215 tcp
EG 197.124.185.0:37215 tcp
FI 157.124.104.110:37215 tcp
CN 218.63.30.109:37215 tcp
US 130.13.103.109:37215 tcp
EG 197.39.238.249:37215 tcp
JP 157.103.231.189:37215 tcp
TN 197.9.129.73:37215 tcp
KR 157.197.112.128:37215 tcp
ZA 41.151.106.100:37215 tcp
ZA 41.25.36.208:37215 tcp
CN 120.237.218.159:37215 tcp
US 157.54.239.54:37215 tcp
EG 197.39.212.160:37215 tcp
US 146.40.119.138:37215 tcp
ZA 197.78.237.89:37215 tcp
JP 157.12.75.88:37215 tcp
EG 41.153.2.153:37215 tcp
MZ 41.94.201.68:37215 tcp
BR 189.13.108.157:37215 tcp
MK 46.217.9.226:37215 tcp
MA 41.137.57.74:37215 tcp
GM 197.242.135.96:37215 tcp
IN 157.227.16.3:37215 tcp
ZA 41.171.32.163:37215 tcp
FI 157.24.38.200:37215 tcp
ZA 197.93.199.126:37215 tcp
ZA 197.75.89.249:37215 tcp
US 156.152.107.198:37215 tcp
AO 197.217.185.86:37215 tcp
RW 41.74.162.26:37215 tcp
DZ 197.202.137.142:37215 tcp
JP 157.67.88.47:37215 tcp
JP 157.114.128.233:37215 tcp
KE 197.177.237.125:37215 tcp
TN 197.25.61.252:37215 tcp
TR 212.174.129.22:37215 tcp
KE 197.181.217.245:37215 tcp
GB 157.23.23.216:37215 tcp
CI 41.67.106.200:37215 tcp
TH 157.179.16.246:37215 tcp
US 216.99.211.50:37215 tcp
EG 41.47.72.244:37215 tcp
JP 157.107.114.68:37215 tcp
EG 41.40.42.249:37215 tcp
JP 157.205.81.59:37215 tcp
US 34.169.245.238:37215 tcp
TN 197.21.74.13:37215 tcp
US 157.139.250.54:37215 tcp
KE 197.159.98.188:37215 tcp
EG 156.171.202.80:37215 tcp
DZ 41.108.235.161:37215 tcp
ZA 41.156.169.122:37215 tcp
JP 157.2.162.33:37215 tcp
KR 182.197.28.251:37215 tcp
DZ 41.100.209.245:37215 tcp
DZ 41.104.174.112:37215 tcp
US 157.251.164.232:37215 tcp
TN 197.7.131.104:37215 tcp
US 157.210.230.178:37215 tcp
ZA 197.86.193.252:37215 tcp
ZA 197.175.13.66:37215 tcp
DZ 41.200.173.199:37215 tcp
FI 157.144.179.176:37215 tcp
JP 157.102.180.172:37215 tcp
US 199.186.174.54:37215 tcp
AT 146.108.31.186:37215 tcp
EG 197.34.221.41:37215 tcp
DZ 41.106.2.160:37215 tcp
CG 197.149.139.178:37215 tcp
TN 197.8.0.250:37215 tcp
LY 41.254.80.27:37215 tcp
NO 157.249.205.216:37215 tcp
ZA 41.61.143.48:37215 tcp
EG 197.37.103.143:37215 tcp
EG 197.164.159.251:37215 tcp
TZ 197.187.248.114:37215 tcp
US 157.60.5.205:37215 tcp
EG 41.65.227.214:37215 tcp
US 19.238.71.18:37215 tcp
US 157.198.127.18:37215 tcp
EG 41.176.38.171:37215 tcp
ZA 155.236.211.40:37215 tcp
US 70.188.179.141:37215 tcp
US 157.81.102.9:37215 tcp
US 157.204.59.35:37215 tcp
US 192.30.156.171:37215 tcp
US 68.186.43.42:37215 tcp
ZA 197.104.91.249:37215 tcp
MA 197.129.93.240:37215 tcp
KR 27.122.156.254:37215 tcp
FR 90.3.161.86:37215 tcp
DE 217.241.57.24:37215 tcp
US 208.134.220.136:37215 tcp
US 157.251.172.191:37215 tcp
US 164.176.121.16:37215 tcp
MZ 41.94.56.168:37215 tcp
NA 41.63.237.221:37215 tcp
EG 197.135.214.185:37215 tcp
US 166.169.5.147:37215 tcp
US 163.37.249.196:37215 tcp
ZA 197.106.184.85:37215 tcp
JP 157.14.216.1:37215 tcp
DE 157.162.27.198:37215 tcp
BH 157.241.103.184:37215 tcp
DZ 197.115.197.167:37215 tcp
ZA 197.78.17.83:37215 tcp
TH 49.229.116.44:37215 tcp
US 157.170.197.254:37215 tcp
ZA 41.3.166.252:37215 tcp
US 157.170.227.68:37215 tcp
US 157.212.50.42:37215 tcp
US 17.205.202.53:37215 tcp
JP 157.71.139.164:37215 tcp
US 157.217.108.23:37215 tcp
IT 157.29.38.94:37215 tcp
KZ 95.59.147.74:37215 tcp
IN 157.50.90.51:37215 tcp
US 157.130.21.23:37215 tcp
ZA 197.236.117.125:37215 tcp
DE 157.180.215.174:37215 tcp
EG 197.57.158.66:37215 tcp
MA 197.153.165.73:37215 tcp
GB 157.84.159.23:37215 tcp
US 157.154.142.36:37215 tcp
BW 41.223.142.26:37215 tcp
EG 197.126.137.229:37215 tcp
US 157.174.169.167:37215 tcp
DZ 41.100.102.100:37215 tcp
DZ 41.106.206.181:37215 tcp
EG 41.236.131.148:37215 tcp
MA 197.147.249.192:37215 tcp
BR 157.86.18.214:37215 tcp
ZA 41.120.52.112:37215 tcp
EG 154.141.59.250:37215 tcp
US 135.179.207.170:37215 tcp
FR 78.112.200.74:37215 tcp
US 157.134.49.219:37215 tcp
JP 157.68.140.11:37215 tcp
ZA 197.108.66.69:37215 tcp
US 157.184.252.103:37215 tcp
US 69.118.191.188:37215 tcp
KR 58.73.86.145:37215 tcp
GA 41.158.153.191:37215 tcp
MU 197.226.29.177:37215 tcp
US 157.246.141.22:37215 tcp
JP 157.3.91.225:37215 tcp
FI 157.200.37.253:37215 tcp
US 157.234.74.118:37215 tcp
US 152.195.66.40:37215 tcp
ZA 41.6.170.213:37215 tcp
FR 157.136.94.4:37215 tcp
ZA 197.99.250.13:37215 tcp
EG 197.166.47.120:37215 tcp
MU 41.202.0.136:37215 tcp
EG 197.57.57.164:37215 tcp
FR 141.194.20.47:37215 tcp
EG 41.45.97.180:37215 tcp
ZA 41.113.10.68:37215 tcp
ZA 41.117.42.98:37215 tcp
DZ 197.202.198.116:37215 tcp
UG 41.210.153.217:37215 tcp
EG 197.133.108.49:37215 tcp
MG 41.188.34.203:37215 tcp
GB 193.195.74.31:37215 tcp
ZA 41.10.19.236:37215 tcp
GA 41.158.173.123:37215 tcp
CN 157.61.149.68:37215 tcp
US 70.137.141.222:37215 tcp
US 157.123.244.36:37215 tcp
IN 157.51.100.157:37215 tcp
US 34.183.39.216:37215 tcp
IE 87.34.133.10:37215 tcp
US 136.49.52.159:37215 tcp
SL 197.215.0.36:37215 tcp
ZA 41.120.213.3:37215 tcp
FI 157.144.255.154:37215 tcp
NL 145.5.244.207:37215 tcp
KR 211.113.128.159:37215 tcp
AO 197.216.56.98:37215 tcp
US 157.182.143.130:37215 tcp
DZ 197.118.147.85:37215 tcp
US 57.160.226.223:37215 tcp
GB 81.139.107.202:37215 tcp
TN 197.2.203.33:37215 tcp
NG 41.75.199.196:37215 tcp
TN 197.238.28.144:37215 tcp
KE 197.138.86.198:37215 tcp
TZ 197.187.7.126:37215 tcp
ZA 41.246.219.214:37215 tcp
US 157.95.135.217:37215 tcp
ZA 197.221.111.176:37215 tcp
US 34.132.102.136:37215 tcp
AU 47.252.242.186:37215 tcp
US 157.178.25.159:37215 tcp
EG 41.44.230.111:37215 tcp
EG 197.166.251.41:37215 tcp
CI 41.84.163.180:37215 tcp
US 157.121.150.78:37215 tcp
DZ 41.200.113.153:37215 tcp
SN 41.208.184.198:37215 tcp
US 157.22.148.31:37215 tcp
GB 157.173.22.249:37215 tcp
TN 197.25.95.223:37215 tcp
TG 102.164.234.3:37215 tcp
EG 41.47.9.85:37215 tcp
KR 221.140.25.231:37215 tcp
ZA 197.168.217.195:37215 tcp
US 157.170.99.21:37215 tcp
TN 197.9.144.61:37215 tcp
US 157.59.74.252:37215 tcp
TN 197.22.37.201:37215 tcp
DZ 197.141.55.167:37215 tcp
ZA 197.169.55.175:37215 tcp
MZ 197.218.201.220:37215 tcp
US 65.60.210.212:37215 tcp
US 74.220.68.37:37215 tcp
IN 157.39.221.59:37215 tcp
MX 148.229.141.136:37215 tcp
ZA 41.4.98.215:37215 tcp
US 216.168.8.91:37215 tcp
IN 122.164.137.127:37215 tcp
JP 157.109.188.131:37215 tcp
EG 197.196.248.210:37215 tcp
ZA 41.31.143.240:37215 tcp
JP 157.3.141.144:37215 tcp
ZA 41.31.134.238:37215 tcp
JP 157.78.96.49:37215 tcp
TW 101.137.112.157:37215 tcp
ZA 197.231.173.251:37215 tcp
JP 211.14.159.28:37215 tcp
MU 41.74.47.173:37215 tcp
ZA 41.28.169.208:37215 tcp
KE 41.81.20.166:37215 tcp
IN 117.203.167.155:37215 tcp
EG 197.41.92.26:37215 tcp
IN 157.44.204.1:37215 tcp
EG 197.58.221.60:37215 tcp
ZA 197.65.62.62:37215 tcp
ZA 197.93.114.116:37215 tcp
JP 157.76.226.3:37215 tcp
GH 41.75.59.130:37215 tcp
US 157.121.130.150:37215 tcp
IN 157.50.31.128:37215 tcp
CD 197.189.47.175:37215 tcp
BR 38.255.117.187:37215 tcp
DZ 197.116.214.7:37215 tcp
US 157.137.44.32:37215 tcp
ZA 197.185.26.81:37215 tcp
KE 197.248.181.219:37215 tcp
CN 60.163.108.12:37215 tcp
MA 41.143.255.195:37215 tcp
US 44.196.195.229:37215 tcp
ZA 41.119.84.252:37215 tcp
PL 89.25.243.174:37215 tcp
DE 217.253.47.203:37215 tcp
ZA 41.148.168.86:37215 tcp
CN 59.224.198.201:37215 tcp
DZ 41.110.201.156:37215 tcp
MX 200.95.136.131:37215 tcp
EG 41.64.248.114:37215 tcp
IN 157.43.150.126:37215 tcp
US 50.108.70.194:37215 tcp
JP 157.104.150.80:37215 tcp
EG 197.54.54.154:37215 tcp
ZA 41.114.213.128:37215 tcp
EG 197.42.101.106:37215 tcp
TN 197.21.82.233:37215 tcp
DJ 197.241.68.155:37215 tcp
CN 119.129.220.100:37215 tcp
US 64.145.125.223:37215 tcp
TN 197.11.79.119:37215 tcp
JP 157.75.171.222:37215 tcp
DZ 41.201.144.79:37215 tcp
US 76.120.38.189:37215 tcp
IS 157.157.74.222:37215 tcp
US 8.105.123.15:37215 tcp
JP 157.107.152.36:37215 tcp
EG 41.39.69.133:37215 tcp
RU 188.19.194.119:37215 tcp
MX 148.211.132.212:37215 tcp
US 157.218.104.162:37215 tcp
ZA 41.48.75.150:37215 tcp
US 157.165.190.23:37215 tcp
JP 157.101.100.194:37215 tcp
US 137.237.119.5:37215 tcp
US 198.149.64.210:37215 tcp
ZA 197.91.92.33:37215 tcp
US 157.151.245.104:37215 tcp
IN 157.44.31.25:37215 tcp
ZA 197.87.121.58:37215 tcp
US 157.207.173.78:37215 tcp
JP 219.62.4.146:37215 tcp
CN 27.158.131.53:37215 tcp
US 162.134.97.34:37215 tcp
JP 157.67.109.2:37215 tcp
MZ 197.219.131.212:37215 tcp
JP 157.2.106.37:37215 tcp
SN 41.82.179.212:37215 tcp
MU 197.226.251.25:37215 tcp
EG 197.44.217.31:37215 tcp
DE 157.163.93.104:37215 tcp
FR 20.199.71.215:37215 tcp
TN 197.240.201.221:37215 tcp
EG 154.176.118.15:37215 tcp
SG 180.129.45.118:37215 tcp
EG 41.37.185.103:37215 tcp
GB 157.231.20.92:37215 tcp
DZ 197.114.212.120:37215 tcp
FR 157.143.209.219:37215 tcp
JP 157.7.124.170:37215 tcp
EG 197.151.209.99:37215 tcp
ZA 41.114.130.163:37215 tcp
TN 197.3.215.69:37215 tcp
ZA 41.15.114.66:37215 tcp
EG 197.199.22.8:37215 tcp
MA 197.131.171.83:37215 tcp
CN 14.221.6.174:37215 tcp
US 159.247.158.96:37215 tcp
JP 157.68.243.142:37215 tcp
EG 197.46.255.101:37215 tcp
GH 197.221.89.171:37215 tcp
EG 197.167.45.66:37215 tcp
JP 157.8.75.128:37215 tcp
GB 80.169.223.34:37215 tcp
DZ 41.102.78.17:37215 tcp
IT 157.29.192.10:37215 tcp
FR 157.97.142.13:37215 tcp
US 38.52.249.107:37215 tcp
IT 93.37.195.73:37215 tcp
EG 41.37.69.129:37215 tcp
NG 41.73.144.167:37215 tcp
ZA 41.156.124.240:37215 tcp
TN 197.9.123.192:37215 tcp
EG 197.124.199.167:37215 tcp
BR 186.246.103.87:37215 tcp
SA 51.253.34.29:37215 tcp
US 8.58.172.161:37215 tcp
US 104.200.45.247:37215 tcp
IN 157.227.204.110:37215 tcp
EG 197.60.71.116:37215 tcp
JP 157.112.125.29:37215 tcp
US 157.184.39.102:37215 tcp
MU 41.87.114.162:37215 tcp
KR 211.60.236.222:37215 tcp
CA 136.143.213.79:37215 tcp
JP 157.77.64.201:37215 tcp
EG 197.162.24.224:37215 tcp
ZA 41.135.127.252:37215 tcp
CA 41.77.117.57:37215 tcp
US 34.200.8.68:37215 tcp
US 157.87.84.62:37215 tcp
HN 190.123.30.77:37215 tcp
US 128.180.49.94:37215 tcp
JP 157.76.149.253:37215 tcp
VE 201.249.111.61:37215 tcp
TN 197.4.197.182:37215 tcp
ZA 41.0.19.83:37215 tcp
EG 41.131.8.121:37215 tcp
FI 193.210.92.218:37215 tcp
BR 186.231.214.130:37215 tcp
ZA 41.151.139.97:37215 tcp
US 157.210.54.125:37215 tcp
VN 14.189.65.200:37215 tcp
AR 181.91.75.96:37215 tcp
EG 197.120.215.51:37215 tcp
TN 197.3.150.228:37215 tcp
GB 157.140.155.200:37215 tcp
US 68.138.91.110:37215 tcp
NG 197.255.21.23:37215 tcp
ZA 41.164.77.163:37215 tcp
US 157.22.135.156:37215 tcp
MA 41.137.109.230:37215 tcp
ES 62.97.131.21:37215 tcp
KR 61.110.111.92:37215 tcp
KE 197.136.203.130:37215 tcp
US 157.152.12.32:37215 tcp
KR 183.100.16.39:37215 tcp
US 157.216.171.141:37215 tcp
ZA 197.94.166.78:37215 tcp
TN 41.225.187.253:37215 tcp
US 157.195.20.99:37215 tcp
TN 197.0.101.32:37215 tcp
ZA 197.92.88.138:37215 tcp
ZA 41.135.26.220:37215 tcp
AT 157.177.222.68:37215 tcp
DE 195.47.195.95:37215 tcp
CN 58.251.111.42:37215 tcp
EG 197.246.157.180:37215 tcp
TN 197.25.65.128:37215 tcp
JP 221.244.254.238:37215 tcp
AO 197.216.201.70:37215 tcp
NZ 60.234.187.15:37215 tcp
UA 37.57.227.93:37215 tcp
ZA 197.70.75.127:37215 tcp
EG 197.199.214.60:37215 tcp
TN 197.240.178.37:37215 tcp
US 157.152.168.3:37215 tcp
US 128.203.127.69:37215 tcp
EE 90.190.201.108:37215 tcp

Files

N/A