Malware Analysis Report

2025-03-15 03:12

Sample ID: 241113-c3npgsvelb
Target: 743f7dcb27a24b84b32e5e552fe2b17e7171272a3ca9449710a46cd3717fdaa3.elf
SHA256: 743f7dcb27a24b84b32e5e552fe2b17e7171272a3ca9449710a46cd3717fdaa3
Tags: botnet, mirai, discovery
Score: 10/10

Analysis Overview

score
10/10

SHA256

743f7dcb27a24b84b32e5e552fe2b17e7171272a3ca9449710a46cd3717fdaa3

Threat Level: Known bad

The file 743f7dcb27a24b84b32e5e552fe2b17e7171272a3ca9449710a46cd3717fdaa3.elf was found to be: Known bad.

Malicious Activity Summary

botnet mirai discovery

Mirai family

Deletes itself

Enumerates running processes

Changes its process name

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-13 02:36

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 02:36

Reported

2024-11-13 02:38

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

149s

Max time network

141s

Command Line

[/tmp/743f7dcb27a24b84b32e5e552fe2b17e7171272a3ca9449710a46cd3717fdaa3.elf]

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A /tmp/743f7dcb27a24b84b32e5e552fe2b17e7171272a3ca9449710a46cd3717fdaa3.elf N/A

Enumerates running processes

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself httpd /tmp/743f7dcb27a24b84b32e5e552fe2b17e7171272a3ca9449710a46cd3717fdaa3.elf N/A

Reads runtime system information

discovery

Processes

/tmp/743f7dcb27a24b84b32e5e552fe2b17e7171272a3ca9449710a46cd3717fdaa3.elf

[/tmp/743f7dcb27a24b84b32e5e552fe2b17e7171272a3ca9449710a46cd3717fdaa3.elf]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ksdjwi.eye-network.ru udp
US 8.8.8.8:53 udp
US 154.216.16.109:33966 ksdjwi.eye-network.ru tcp

Files

N/A