Malware Analysis Report

2025-03-15 03:12

Sample ID 241113-dffwssvjft
Target d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf
SHA256 d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06
Tags
botnet mirai discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06

Threat Level: Known bad

The file d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf was found to be: Known bad.

Malicious Activity Summary

botnet mirai discovery

Mirai family

Deletes itself

Enumerates running processes

Changes its process name

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-13 02:56

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 02:56

Reported

2024-11-13 02:59

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

144s

Command Line

[/tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf]

Signatures

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | /tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf | N/A

Enumerates running processes

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | httpd | /tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf | N/A

Reads runtime system information

discovery

Processes

/tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf

[/tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf]

Network

Country | Destination | Domain | Proto
GB | 185.125.188.62:443 | | tcp
GB | 185.125.188.62:443 | | tcp
US | 151.101.129.91:443 | | tcp
US | 151.101.129.91:443 | | tcp
US | 8.8.8.8:53 | ksdjwi.eye-network.ru | udp
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp
GB | 195.181.164.19:443 | | tcp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 8.8.8.8:53 | | udp
US | 154.216.16.109:33966 | ksdjwi.eye-network.ru | tcp

Files

N/A