Malware Analysis Report

2024-12-07 19:08

Sample ID: 241114-dw24zaxnbr
Target: fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf
SHA256: fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934
Tags: mirai credential_access defense_evasion discovery
Score: 10/10


Analysis Overview

Threat Level: Known bad

The file fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf was found to be: Known bad.

Malicious Activity Summary

mirai credential_access defense_evasion discovery

Mirai family

Modifies Watchdog functionality

Enumerates running processes

Reads process memory

Changes its process name

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-14 03:22

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 03:22
Reported: 2024-11-14 03:24
Platform: ubuntu2404-amd64-20240729-en
Max time kernel: 149s
Max time network: 147s

Command Line

[/tmp/fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf]

Signatures

Modifies Watchdog functionality

defense_evasion
Description Indicator Process Target
File opened for modification /dev/misc/watchdog /tmp/fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf N/A
File opened for modification /dev/watchdog /tmp/fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf N/A

Enumerates running processes

Reads process memory

credential_access

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself a /tmp/fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf N/A

Reads runtime system information

discovery

Processes

/tmp/fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf

[/tmp/fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 193.84.71.119 udp
US 8.8.8.8:53 193.84.71.119 udp
US 8.8.8.8:53 193.84.71.119 udp
US 8.8.8.8:53 193.84.71.119 udp
US 8.8.8.8:53 193.84.71.119 udp
US 193.84.71.119:38241 tcp

Files

N/A