Malware Analysis Report

2024-12-07 17:30

Sample ID 241112-dkqxkatdjp
Target df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf
SHA256 df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5
Tags
mirai credential_access defense_evasion
score
10/10

Analysis Overview

score
10/10

SHA256

df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5

Threat Level: Known bad

The file df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf was found to be: Known bad.

Malicious Activity Summary

mirai credential_access defense_evasion

Mirai family

Modifies Watchdog functionality

Reads process memory

Changes its process name

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 03:04

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 03:04

Reported

2024-11-12 03:06

Platform

debian9-mipsbe-20240729-en

Max time kernel

149s

Max time network

147s

Command Line

[/tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf]

Signatures

Modifies Watchdog functionality

defense_evasion
Description                   Indicator           Process                                                                    Target
File opened for modification  /dev/watchdog       /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for modification  /dev/misc/watchdog  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A

Reads process memory

credential_access
Description              Indicator       Process                                                                    Target
File opened for reading  /proc/673/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/693/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/713/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/678/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/679/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/706/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/711/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/716/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/777/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/778/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/434/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/675/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/712/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/719/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/725/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A
File opened for reading  /proc/776/maps  /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A

Changes its process name

Description                                                      Indicator  Process                                                                    Target
Changes the process name, possibly in an attempt to hide itself  a          /tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf  N/A

Processes

/tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf

[/tmp/df4e26700e94c19cde573a8971787f0f4eb28fa315c4f59eb60d3587dda00af5.elf]

Network

Country  Destination          Domain         Proto
US       8.8.8.8:53           193.84.71.119  udp
US       8.8.8.8:53           193.84.71.119  udp
US       8.8.8.8:53           193.84.71.119  udp
US       8.8.8.8:53           193.84.71.119  udp
US       8.8.8.8:53           193.84.71.119  udp
US       193.84.71.119:38241                 tcp

Files

N/A