Analysis Overview
SHA256
a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea
Threat Level: Known bad
The file a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Modifies Watchdog functionality
Enumerates running processes
Writes file to system bin folder
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 02:55
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 02:55
Reported
2024-11-14 02:57
Platform
debian9-mipsbe-20240729-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/misc/watchdog | /tmp/a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea.elf | N/A |
| File opened for modification | /dev/watchdog | /tmp/a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea.elf | N/A |
Enumerates running processes
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /sbin/watchdog | /tmp/a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea.elf | N/A |
| File opened for modification | /bin/watchdog | /tmp/a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea.elf | N/A |
Reads runtime system information
Processes
/tmp/a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea.elf
[/tmp/a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea.elf]
Network
| Country | Destination | Domain | Proto |
| DE | 45.137.70.156:3778 | | tcp |