Malware Analysis Report

2025-03-15 03:12

Sample ID 241113-c4p9psvgpn
Target 890b8d3a003b56b69a5c19f9bba593ce7e44ba115baabf9da20f646949e2edb8.elf
SHA256 890b8d3a003b56b69a5c19f9bba593ce7e44ba115baabf9da20f646949e2edb8
Tags
botnet mirai discovery
score
10/10

Analysis Overview

Threat Level: Known bad

The file 890b8d3a003b56b69a5c19f9bba593ce7e44ba115baabf9da20f646949e2edb8.elf was found to be: Known bad.

Malicious Activity Summary

botnet mirai discovery

Mirai family

Deletes itself

Enumerates running processes

Changes its process name

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-13 02:38

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 02:38

Reported

2024-11-13 02:40

Platform

ubuntu2004-amd64-20240611-en

Max time kernel

149s

Max time network

142s

Command Line

[/tmp/890b8d3a003b56b69a5c19f9bba593ce7e44ba115baabf9da20f646949e2edb8.elf]

Signatures

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | /tmp/890b8d3a003b56b69a5c19f9bba593ce7e44ba115baabf9da20f646949e2edb8.elf | N/A

Enumerates running processes

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | httpd | /tmp/890b8d3a003b56b69a5c19f9bba593ce7e44ba115baabf9da20f646949e2edb8.elf | N/A

Reads runtime system information

discovery

Processes

/tmp/890b8d3a003b56b69a5c19f9bba593ce7e44ba115baabf9da20f646949e2edb8.elf

[/tmp/890b8d3a003b56b69a5c19f9bba593ce7e44ba115baabf9da20f646949e2edb8.elf]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ksdjwi.eye-network.ru udp
US 8.8.8.8:53 udp
US 154.216.16.109:33966 ksdjwi.eye-network.ru tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp

Files

N/A