Malware Analysis Report

2025-03-15 03:13

Sample ID 241113-v86flawjat
Target 88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4.elf
SHA256 88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4
Tags
discovery botnet mirai
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4

Threat Level: Known bad

The file 88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4.elf was found to be: Known bad.

Malicious Activity Summary

discovery botnet mirai

Mirai family

Deletes itself

Enumerates running processes

Changes its process name

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-13 17:40

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 17:40

Reported

2024-11-13 17:43

Platform

ubuntu2204-amd64-20240729-en

Max time kernel

149s

Max time network

143s

Command Line

[/tmp/88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4.elf]

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A /tmp/88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4.elf N/A

Enumerates running processes

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself httpd /tmp/88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4.elf N/A

Reads runtime system information

discovery

Processes

/tmp/88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4.elf

[/tmp/88d2fabb4aea62b59792f01f91621444f9152d3f0e8a2ba2988c96fe6c2059a4.elf]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ksdjwi.eye-network.ru udp
US 8.8.8.8:53 udp
US 154.216.16.109:33966 ksdjwi.eye-network.ru tcp

Files

N/A