Field | Value |
---|---|
Analysis ID | 1427772 |
Score | 76 |
Range | 0 - 100 |
Whitelisted | false |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution | | |
AV Detection | Entries |
---|---|
Avira | 1 |
String | 2 |
Networking | Entries |
---|---|
DNS query | 1 |
Network traffic detected | 12 |
TCP traffic | 1 |
Wget executable | 2 |
Socket | 1 |
TCP traffic detected without corresponding DNS query | 50 |
HTTP traffic detected | 2 |
DNS traffic detected | 1 |
System Summary | Entries |
---|---|
Matched rule | 4 |
SIGKILL sent | 4 |
Classification label | 1 |
File opened | 105 |
Chmod executable | 2 |
Rm executable | 5 |
Wget executable | 2 |
File | 2 |
Chmod executable with 777 | 2 |
File written (dropped file) | 1 |
Stderr | 1 |

Stderr captured from the wget process:

```
--2024-04-18 06:51:19--  http://103.163.214.97/shk
Connecting to 103.163.214.97:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 474
Saving to: shk

     0K                                                       100%  512K=0.001s

2024-04-18 06:51:20 (512 KB/s) - shk saved [474/474]

--2024-04-18 06:51:20--  http://103.163.214.97/mips
Connecting to 103.163.214.97:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 120280 (117K)
Saving to: lib

     0K .......... .......... .......... .......... ..........  42% 72.1K 1s
    50K .......... .......... .......... .......... ..........  85%  145K 0s
   100K .......... .......                                     100%  528K=1.1s

2024-04-18 06:51:22 (110 KB/s) - lib saved [120280/120280]
```
Hooking and other Techniques for Hiding and Protection | Entries |
---|---|
File | 2 |
Network traffic detected | 10 |
Queries kernel information via 'uname' | 1 |
Binary or memory string | 4 |
Stealing of Sensitive Information | Entries |
---|---|
File source | 2 |
Remote Access Functionality | Entries |
---|---|
File source | 2 |
No Screenshots
IP | Domain | Country | ASN | ASN Name | Malicious | |
---|---|---|---|---|---|---|
9.10.243.173 | unknown | United States | 3356 | LEVEL3US | false | |
131.85.31.95 | unknown | United States | 140 | DNIC-AS-00140US | false | |
90.221.63.94 | unknown | United Kingdom | 5607 | BSKYB-BROADBAND-ASGB | false | |
18.132.133.131 | unknown | United States | 16509 | AMAZON-02US | false | |
153.74.120.23 | unknown | United States | 14962 | NCR-252US | false | |
139.99.9.194 | unknown | Canada | 16276 | OVHFR | false | |
36.13.74.222 | unknown | Japan | 2516 | KDDIKDDICORPORATIONJP | false | |
186.131.187.183 | unknown | Argentina | 22927 | TelefonicadeArgentinaAR | false | |
104.112.146.190 | unknown | United States | 28573 | CLAROSABR | false | |
123.139.39.205 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
82.149.106.134 | unknown | Austria | 8559 | WELLCOMKabelplusGmbHvormalsBnetWellcomAT | false | |
103.42.115.36 | unknown | India | 133668 | EIKON-AS-INEikonTechnologiesIN | false | |
50.209.198.108 | unknown | United States | 7922 | COMCAST-7922US | false | |
159.25.118.169 | unknown | Germany | 5517 | CSLDE | false | |
123.146.86.5 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
48.207.173.142 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
205.38.105.88 | unknown | United States | 2914 | NTT-COMMUNICATIONS-2914US | false | |
156.125.113.21 | unknown | United States | 393504 | XNSTGCA | false | |
120.73.207.199 | unknown | Korea Republic of | 9761 | KUMHO-ASKUMHOKR | false | |
11.72.61.0 | unknown | United States | 3356 | LEVEL3US | false | |
1.162.202.96 | unknown | Taiwan; Republic of China (ROC) | 3462 | HINETDataCommunicationBusinessGroupTW | false | |
203.255.30.174 | unknown | Korea Republic of | 18028 | GSNU-AS-KRGyeongSangNationalUniversityKR | false | |
16.8.36.136 | unknown | United States | unknown | unknown | false | |
82.115.89.251 | unknown | Poland | 16340 | IS-ASNIS-NETAutonomousSystemPL | false | |
81.156.220.237 | unknown | United Kingdom | 2856 | BT-UK-ASBTnetUKRegionalnetworkGB | false | |
246.40.79.116 | unknown | Reserved | unknown | unknown | false | |
3.231.152.13 | unknown | United States | 14618 | AMAZON-AESUS | false | |
160.24.156.85 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
155.181.207.79 | unknown | United States | 37532 | ZAMRENZM | false | |
221.3.179.91 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
23.173.252.91 | unknown | Reserved | 397672 | AS-WYOMINGWIRELESSUS | false | |
106.55.89.238 | unknown | China | 45090 | CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | false | |
219.168.146.109 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
31.215.25.247 | unknown | United Arab Emirates | 5384 | EMIRATES-INTERNETEmiratesInternetAE | false | |
244.163.79.127 | unknown | Reserved | unknown | unknown | false | |
92.236.242.219 | unknown | United Kingdom | 5089 | NTLGB | false | |
173.217.65.90 | unknown | United States | 19108 | SUDDENLINK-COMMUNICATIONSUS | false | |
59.119.224.162 | unknown | Taiwan; Republic of China (ROC) | 3462 | HINETDataCommunicationBusinessGroupTW | false | |
60.93.218.94 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
49.87.160.3 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
26.153.48.8 | unknown | United States | 7922 | COMCAST-7922US | false | |
157.69.76.188 | unknown | Japan | 4713 | OCNNTTCommunicationsCorporationJP | false | |
54.153.180.142 | unknown | United States | 16509 | AMAZON-02US | false | |
83.130.231.130 | unknown | Israel | 9116 | GOLDENLINES-ASNPartnerCommunicationsMainAutonomousSyste | false | |
51.19.158.134 | unknown | United Kingdom | 5607 | BSKYB-BROADBAND-ASGB | false | |
39.148.103.122 | unknown | China | 24445 | CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCN | false | |
57.157.171.70 | unknown | Belgium | 2686 | ATGS-MMD-ASUS | false | |
241.193.244.154 | unknown | Reserved | unknown | unknown | false | |
182.81.184.225 | unknown | China | 23771 | SXBCTV-APSXBCTVInternetServiceProviderCN | false | |
5.97.46.21 | unknown | Italy | 3269 | ASN-IBSNAZIT | false | |
82.244.243.72 | unknown | France | 12322 | PROXADFR | false | |
105.179.156.81 | unknown | unknown | 37228 | Olleh-Rwanda-NetworksRW | false | |
193.57.230.97 | unknown | United Kingdom | 204928 | OSP-US-01US | false | |
187.100.242.241 | unknown | Brazil | 27699 | TELEFONICABRASILSABR | false | |
59.46.195.34 | unknown | China | 134762 | CHINANET-LIAONING-DALIAN-MANCHINANETLiaoningprovinceDali | false | |
249.113.168.67 | unknown | Reserved | unknown | unknown | false | |
249.17.142.164 | unknown | Reserved | unknown | unknown | false | |
150.3.150.178 | unknown | Japan | 6400 | CompaniaDominicanadeTelefonosSADO | false | |
162.236.213.239 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
13.34.40.148 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
219.240.131.59 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | false | |
66.244.47.169 | unknown | United States | 23483 | SHASTACOEUS | false | |
139.200.181.138 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
39.52.74.222 | unknown | Pakistan | 45595 | PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPK | false | |
98.12.84.202 | unknown | United States | 12271 | TWC-12271-NYCUS | false | |
19.55.110.191 | unknown | United States | 3 | MIT-GATEWAYSUS | false | |
132.60.152.230 | unknown | United States | 385 | AFCONC-BLOCK1-ASUS | false | |
115.103.189.162 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
43.236.194.42 | unknown | China | 17506 | UCOMARTERIANetworksCorporationJP | false | |
46.184.123.95 | unknown | Saudi Arabia | 48695 | ATHEEB-ASSA | false | |
97.41.214.195 | unknown | United States | 22394 | CELLCOUS | false | |
246.180.127.246 | unknown | Reserved | unknown | unknown | false | |
124.51.209.73 | unknown | Korea Republic of | 17858 | POWERVIS-AS-KRLGPOWERCOMMKR | false | |
160.166.18.133 | unknown | Morocco | 6713 | IAM-ASMA | false | |
194.84.69.8 | unknown | Russian Federation | 2854 | ROSPRINT-ASRU | false | |
126.245.208.200 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
76.225.140.136 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
181.120.33.225 | unknown | Paraguay | 23201 | TelecelSAPY | false | |
168.147.239.181 | unknown | United States | 27435 | OPSOURCE-INCUS | false | |
219.20.81.39 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
100.96.139.43 | unknown | Reserved | 701 | UUNETUS | false | |
66.227.52.253 | unknown | United States | 3257 | GTT-BACKBONEGTTDE | false | |
104.73.152.206 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
53.31.14.154 | unknown | Germany | 31399 | DAIMLER-ASITIGNGlobalNetworkDE | false | |
154.104.82.55 | unknown | Tunisia | 37693 | TUNISIANATN | false | |
63.70.239.187 | unknown | United States | 701 | UUNETUS | false | |
90.35.72.23 | unknown | France | 3215 | FranceTelecom-OrangeFR | false | |
156.1.114.162 | unknown | United States | 22226 | SFUSDUS | false | |
252.192.131.106 | unknown | Reserved | unknown | unknown | false | |
59.57.245.23 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
132.50.12.107 | unknown | United States | 385 | AFCONC-BLOCK1-ASUS | false | |
163.23.222.138 | unknown | Taiwan; Republic of China (ROC) | 1659 | ERX-TANET-ASN1TaiwanAcademicNetworkTANetInformationC | false | |
116.72.42.170 | unknown | India | 17488 | HATHWAY-NET-APHathwayIPOverCableInternetIN | false | |
179.97.186.103 | unknown | Brazil | 19182 | TELEFONICABRASILSABR | false | |
116.220.194.108 | unknown | Japan | 9824 | JTCL-JP-ASJupiterTelecommunicationCoLtdJP | false | |
92.57.255.252 | unknown | Spain | 12479 | UNI2-ASES | false | |
105.86.121.35 | unknown | Egypt | 36992 | ETISALAT-MISREG | false | |
97.130.128.26 | unknown | United States | 6167 | CELLCO-PARTUS | false | |
140.168.62.184 | unknown | Australia | 15199 | WWUUS | false | |
118.89.115.17 | unknown | China | 45090 | CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | false |
Name | IP | Active |
---|---|---|
rootme.xyz | 45.128.232.208 | true |