Malware Analysis Report

2024-12-07 19:17

Sample ID 241114-dgpv4atemj
Target b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf
SHA256 b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1
Tags
mirai credential_access defense_evasion
score
10/10

Analysis Overview

score
10/10

SHA256

b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1

Threat Level: Known bad

The file b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf was found to be: Known bad.

Malicious Activity Summary

mirai credential_access defense_evasion

Mirai family

Modifies Watchdog functionality

Reads process memory

Changes its process name

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 02:59

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 02:59

Reported

2024-11-14 03:01

Platform

debian9-mipsbe-20240611-en

Max time kernel

150s

Max time network

152s

Command Line

[/tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf]

Signatures

Modifies Watchdog functionality

defense_evasion
Description                  | Indicator          | Process                                                                              | Target
File opened for modification | /dev/watchdog      | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for modification | /dev/misc/watchdog | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A

Reads process memory

credential_access
Description             | Indicator      | Process                                                                              | Target
File opened for reading | /proc/493/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/494/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/676/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/697/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/706/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/761/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/463/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/700/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/703/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/710/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/765/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/789/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/806/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/809/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/696/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/788/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/456/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/690/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/692/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/695/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/728/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/767/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A
File opened for reading | /proc/773/maps | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A

Changes its process name

Description                                                        | Indicator | Process                                                                              | Target
Changes the process name, possibly in an attempt to hide itself   | a         | /tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf | N/A

Processes

/tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf

[/tmp/b3d82450bc3b0dff755bf2022016e559be3f017f1c33cb209f1bf2dd5e14f7f1.elf]

Network

Country | Destination         | Domain        | Proto
US      | 8.8.8.8:53          | 193.84.71.119 | udp
US      | 8.8.8.8:53          | 193.84.71.119 | udp
US      | 8.8.8.8:53          | 193.84.71.119 | udp
US      | 8.8.8.8:53          | 193.84.71.119 | udp
US      | 8.8.8.8:53          | 193.84.71.119 | udp
US      | 193.84.71.119:38241 |               | tcp

Files

N/A