Malware Analysis Report

2024-12-01 02:15

Sample ID 241110-blb4pavqgx
Target 3cdb0af2a2bcfc8e1cacc48d482b1df4.bin
SHA256 bb4198f04803550466bc7fda2d353d57f51a96e5f18b2fd720e23345be558e9c
Tags: discovery botnet mirai

Score: 10/10

Analysis Overview

Score: 10/10

SHA256

bb4198f04803550466bc7fda2d353d57f51a96e5f18b2fd720e23345be558e9c

Threat Level: Known bad

The file 3cdb0af2a2bcfc8e1cacc48d482b1df4.bin was found to be: Known bad.

Malicious Activity Summary

discovery botnet mirai

Mirai family

Deletes itself

Enumerates running processes

Changes its process name

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-10 01:13

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 01:13

Reported

2024-11-10 01:16

Platform

ubuntu2204-amd64-20240729-en

Max time kernel

135s

Max time network

141s

Command Line

[/tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf]

Signatures

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A

Enumerates running processes

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | httpd | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A

Reads runtime system information

discovery
Description | Indicator | Process | Target
File opened for reading | /proc/202/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/213/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/737/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/745/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/636/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/962/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/9/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/119/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/189/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/870/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1162/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/20/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/501/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/770/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1134/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1047/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1159/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/82/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/95/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/411/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/453/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/527/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/956/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/83/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/101/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/408/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/586/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/225/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/758/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1173/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1158/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1161/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/4/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/18/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/25/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/99/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/592/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/640/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/5/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/88/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/114/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/206/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/413/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1127/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/73/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/416/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/587/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/194/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/971/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/13/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/75/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/79/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/81/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/90/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/97/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1083/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1164/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/782/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1016/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1069/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/1095/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/19/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/27/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A
File opened for reading | /proc/86/cmdline | /tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf | N/A

Processes

/tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf

[/tmp/212168bc84d925de2204a841427f211a2ef44b92de316c3fb196b59d153975c7.elf]

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 8.8.8.8:53 | ksdjwi.eye-network.ru | udp
NL | 89.190.156.145:7733 | N/A | tcp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 8.8.8.8:53 | N/A | udp
US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp

Files

N/A