Malware Analysis Report

2025-03-15 03:13

Sample ID 241113-djrgpsymbj
Target d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf
SHA256 d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06
Tags
discovery botnet mirai
score
10/10

Analysis Overview

Threat Level: Known bad

The file d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf was found to be: Known bad.

Malicious Activity Summary

discovery botnet mirai

Mirai family

Deletes itself

Enumerates running processes

Changes its process name

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-13 03:02

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 03:02

Reported

2024-11-13 03:05

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

149s

Max time network

139s

Command Line

[/tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf]

Signatures

Deletes itself

Description: N/A
Indicator: N/A
Process: /tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf
Target: N/A

Enumerates running processes

Changes its process name

Description: Changes the process name, possibly in an attempt to hide itself
Indicator: httpd
Process: /tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf
Target: N/A

Reads runtime system information

discovery

Processes

/tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf

[/tmp/d0e889f556cbab2c82b4f1ecdcdea66c415dc205f85069d86a5e17f594e77d06.elf]

Network

Country  Destination           Domain                 Proto
N/A      224.0.0.251:5353                             udp
US       8.8.8.8:53            ksdjwi.eye-network.ru  udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       154.216.16.109:33966  ksdjwi.eye-network.ru  tcp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       8.8.8.8:53                                   udp
US       154.216.16.109:33966  ksdjwi.eye-network.ru  tcp

Files

N/A