Linux Analysis Report
9g5gIOlb47.elf

Overview

General Information

Sample name: 9g5gIOlb47.elf
renamed because original name is a hash value
Original sample name: 939f119901a171e7adfa7759b5bffd53.elf
Analysis ID: 1438523
MD5: 939f119901a171e7adfa7759b5bffd53
SHA1: d83d29264d6c3c05d568505c003c9dae925a25f2
SHA256: ed47e0360007f63898c4a974344fcf861c476bfad14b284eef7981b5de5b09f3
Tags: 32elfintelmirai
Infos:

Detection

Mirai
Score: 96
Range: 0 - 100
Whitelisted: false

Signatures

Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Mirai
Machine Learning detection for sample
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: 9g5gIOlb47.elf ReversingLabs: Detection: 28%
Machine Learning detection for sample
Source: 9g5gIOlb47.elf Joe Sandbox ML: detected

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:60402 -> 171.101.53.19:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:45786 -> 189.254.169.65:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:50048 -> 36.33.35.192:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:50502 -> 36.33.35.192:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:57882 -> 59.127.166.52:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:52516 -> 45.226.177.67:23
Source: Traffic Snort IDS: 2023439 ET TROJAN Possible Linux.Mirai Login Attempt (hi3518) 192.168.2.13:45420 -> 61.190.74.68:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:47172 -> 189.254.169.65:23
Source: Traffic Snort IDS: 2023333 ET TROJAN Linux.Mirai Login Attempt (xc3511) 192.168.2.13:45650 -> 61.190.74.68:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:45650 -> 61.190.74.68:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:51832 -> 36.33.35.192:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:60880 -> 179.38.90.101:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.13:53188 -> 121.254.189.99:23
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57490
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57508
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57518
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57526
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57534
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57540
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57548
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57554
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57562
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57568
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57578
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57586
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57596
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57612
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57630
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57650
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57666
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57696
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57712
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57730
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57752
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57776
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57798
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57824
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57842
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57866
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57880
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57898
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47032
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47050
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47074
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47092
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47110
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47156
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47176
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47200
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47212
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47236
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47248
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47258
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47270
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47276
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47288
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47298
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47310
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47326
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47362
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47374
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47394
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47404
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47414
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47428
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47438
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47448
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47460
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47470
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40132
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40140
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40158
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40174
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40192
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40212
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40230
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40252
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40268
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40284
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40302
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40324
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40346
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40362
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40382
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40396
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40408
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40430
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40444
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40454
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40472
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51016
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40482
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51030
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40498
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51048
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40516
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51062
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40532
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51078
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40552
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51094
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51112
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40570
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51128
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40590
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51148
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51164
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51180
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51200
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51220
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51238
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51256
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51276
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51286
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51310
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51324
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51344
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51362
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51380
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51400
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51416
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51426
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51440
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51456
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51472
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41702
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41716
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41736
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41750
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41762
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41812
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41826
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41844
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41862
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41878
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41924
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41942
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41964
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41982
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42002
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42014
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42032
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42048
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42058
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42084
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42100
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42112
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42122
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42136
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42140
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42150
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42158
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42168
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.13:46890 -> 94.156.66.201:59
Source: global traffic TCP traffic: 192.168.2.13:45918 -> 156.66.201.59:59
Source: global traffic TCP traffic: 192.168.2.13:48928 -> 66.201.59.2:59
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443
Source: unknown TCP traffic detected without corresponding DNS query: 182.177.53.123
Source: unknown TCP traffic detected without corresponding DNS query: 80.142.141.123
Source: unknown TCP traffic detected without corresponding DNS query: 102.199.225.110
Source: unknown TCP traffic detected without corresponding DNS query: 94.195.205.184
Source: unknown TCP traffic detected without corresponding DNS query: 180.63.194.136
Source: unknown TCP traffic detected without corresponding DNS query: 17.120.80.160
Source: unknown TCP traffic detected without corresponding DNS query: 223.129.162.246
Source: unknown TCP traffic detected without corresponding DNS query: 94.36.40.94
Source: unknown TCP traffic detected without corresponding DNS query: 161.71.16.41
Source: unknown TCP traffic detected without corresponding DNS query: 90.46.46.139
Source: unknown TCP traffic detected without corresponding DNS query: 71.9.105.134
Source: unknown TCP traffic detected without corresponding DNS query: 153.166.165.124
Source: unknown TCP traffic detected without corresponding DNS query: 213.120.9.95
Source: unknown TCP traffic detected without corresponding DNS query: 185.150.178.16
Source: unknown TCP traffic detected without corresponding DNS query: 201.116.158.6
Source: unknown TCP traffic detected without corresponding DNS query: 78.33.213.70
Source: unknown TCP traffic detected without corresponding DNS query: 158.251.125.205
Source: unknown TCP traffic detected without corresponding DNS query: 68.138.150.1
Source: unknown TCP traffic detected without corresponding DNS query: 89.118.200.244
Source: unknown TCP traffic detected without corresponding DNS query: 178.239.104.203
Source: unknown TCP traffic detected without corresponding DNS query: 100.38.145.95
Source: unknown TCP traffic detected without corresponding DNS query: 60.44.14.2
Source: unknown TCP traffic detected without corresponding DNS query: 174.96.194.242
Source: unknown TCP traffic detected without corresponding DNS query: 170.188.201.179
Source: unknown TCP traffic detected without corresponding DNS query: 60.176.86.228
Source: unknown TCP traffic detected without corresponding DNS query: 201.67.131.129
Source: unknown TCP traffic detected without corresponding DNS query: 44.58.243.6
Source: unknown TCP traffic detected without corresponding DNS query: 208.67.108.249
Source: unknown TCP traffic detected without corresponding DNS query: 135.61.172.152
Source: unknown TCP traffic detected without corresponding DNS query: 63.45.220.253
Source: unknown TCP traffic detected without corresponding DNS query: 74.150.0.95
Source: unknown TCP traffic detected without corresponding DNS query: 197.157.209.137
Source: unknown TCP traffic detected without corresponding DNS query: 43.70.214.108
Source: unknown TCP traffic detected without corresponding DNS query: 174.58.108.59
Source: unknown TCP traffic detected without corresponding DNS query: 70.143.99.160
Source: unknown TCP traffic detected without corresponding DNS query: 190.21.204.174
Source: unknown TCP traffic detected without corresponding DNS query: 101.121.85.235
Source: unknown TCP traffic detected without corresponding DNS query: 92.188.254.88
Source: unknown TCP traffic detected without corresponding DNS query: 165.183.103.71
Source: unknown TCP traffic detected without corresponding DNS query: 75.223.216.67
Source: unknown TCP traffic detected without corresponding DNS query: 192.181.18.100
Source: unknown TCP traffic detected without corresponding DNS query: 146.240.218.28
Source: unknown TCP traffic detected without corresponding DNS query: 168.141.201.28
Source: unknown TCP traffic detected without corresponding DNS query: 130.61.97.164
Source: unknown TCP traffic detected without corresponding DNS query: 75.243.19.61
Source: unknown TCP traffic detected without corresponding DNS query: 135.227.118.14
Source: unknown TCP traffic detected without corresponding DNS query: 144.139.34.4
Source: unknown TCP traffic detected without corresponding DNS query: 131.204.13.221
Source: unknown TCP traffic detected without corresponding DNS query: 161.211.191.73
Source: unknown TCP traffic detected without corresponding DNS query: 16.31.209.26
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: 9g5gIOlb47.elf, 5441.1.0000000008048000.000000000805b000.r-x.sdmp String found in binary or memory: http://fast.no/support/crawler.asp)
Source: 9g5gIOlb47.elf, 5436.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5438.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5440.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5445.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5441.1.0000000008048000.000000000805b000.r-x.sdmp String found in binary or memory: http://feedback.redkolibri.com/
Source: 9g5gIOlb47.elf, 5436.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5438.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5440.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5445.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5441.1.0000000008048000.000000000805b000.r-x.sdmp String found in binary or memory: http://www.baidu.com/search/spider.htm)
Source: 9g5gIOlb47.elf, 5436.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5438.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5440.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5445.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5441.1.0000000008048000.000000000805b000.r-x.sdmp String found in binary or memory: http://www.baidu.com/search/spider.html)
Source: 9g5gIOlb47.elf, 5436.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5438.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5440.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5445.1.0000000008048000.000000000805b000.r-x.sdmp, 9g5gIOlb47.elf, 5441.1.0000000008048000.000000000805b000.r-x.sdmp String found in binary or memory: http://www.billybobbot.com/crawler/)
Source: unknown Network traffic detected: HTTP traffic on port 48202 -> 443

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Sample contains only a LOAD segment without any section mappings
Source: LOAD without section mappings Program segment: 0x8048000
Yara signature match
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: classification engine Classification label: mal96.troj.linELF@0/0@2/0

Hooking and other Techniques for Hiding and Protection
barindex
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57490
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57508
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57518
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57526
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57534
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57540
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57548
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57554
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57562
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57568
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57578
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57586
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57596
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57612
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57630
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57650
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57666
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57696
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57712
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57730
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57752
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57776
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57798
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57824
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57842
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57866
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57880
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57898
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47032
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47050
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47074
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47092
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47110
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47156
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47176
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47200
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47212
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47236
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47248
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47258
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47270
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47276
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47288
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47298
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47310
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47326
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47362
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47374
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47394
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47404
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47414
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47428
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47438
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47448
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47460
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 47470
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40132
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40140
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40158
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40174
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40192
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40212
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40230
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40252
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40268
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40284
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40302
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40324
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40346
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40362
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40382
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40396
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40408
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40430
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40444
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40454
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40472
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51016
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40482
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51030
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40498
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51048
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40516
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51062
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40532
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51078
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40552
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51094
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51112
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40570
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51128
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 40590
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51148
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51164
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51180
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51200
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51220
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51238
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51256
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51276
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51286
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51310
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51324
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51344
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51362
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51380
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51400
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51416
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51426
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51440
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51456
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 51472
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41702
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41716
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41736
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41750
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41762
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41812
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41826
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41844
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41862
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41878
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41924
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41942
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41964
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 41982
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42002
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42014
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42032
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42048
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42058
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42084
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42100
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42112
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42122
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42136
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42140
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42150
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42158
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 42168
ELF contains segments with high entropy indicating compressed/encrypted content
Source: 9g5gIOlb47.elf Submission file: segment LOAD with 7.9647 entropy (max. 8.0)

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality
barindex
Detected Mirai
Source: Traffic Snort IDS: ET TROJAN Possible Linux.Mirai Login Attempt (hi3518)
Source: Traffic Snort IDS: ET TROJAN Linux.Mirai Login Attempt (xc3511)
Source: Traffic Snort IDS: ET TROJAN Possible Linux.Mirai Login Attempt (hi3518)
Yara detected Mirai
Source: Yara match File source: 5438.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5441.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5445.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5440.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match File source: dump.pcap, type: PCAP

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
14.52.153.247
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
13.36.254.64
 unknown United States
7018 ATT-INTERNET4US false
150.160.195.251
 unknown United States
26438 MONROE-COMMUNITY-COLLEGEUS false
84.39.84.192
 unknown Germany
39090 BRANDL---KPN---DE false
95.19.72.171
 unknown Spain
12479 UNI2-ASES false
217.187.3.29
 unknown Germany
6805 TDDE-ASN1DE false
143.166.239.1
 unknown United States
3614 DELL-BLKUS false
102.116.120.152
 unknown Mauritius
23889 MauritiusTelecomMU false
153.129.58.11
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
159.118.56.97
 unknown United States
11492 CABLEONEUS false
76.240.191.22
 unknown United States
7018 ATT-INTERNET4US false
157.10.106.246
 unknown unknown
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
86.17.1.177
 unknown United Kingdom
5089 NTLGB false
37.175.45.187
 unknown France
51207 FREEMFR false
179.79.229.164
 unknown Brazil
26615 TIMSABR false
73.3.19.230
 unknown United States
7922 COMCAST-7922US false
94.161.12.224
 unknown Italy
24608 WINDTRE-ASIT false
40.95.4.205
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
94.107.201.138
 unknown Belgium
47377 ORANGE_BELGIUM_SAKPNBelgiumBusinessNVhasbeenacquired false
139.41.98.196
 unknown United States
9905 LINKNET-ID-APLinknetASNID false
154.116.16.85
 unknown Gabon
16058 Gabon-TelecomGA false
179.134.252.248
 unknown Brazil
26599 TELEFONICABRASILSABR false
18.57.244.191
 unknown United States
3 MIT-GATEWAYSUS false
105.232.97.239
 unknown Namibia
37009 MTCASNNA false
144.255.143.45
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
219.40.97.188
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
92.40.173.225
 unknown United Kingdom
206067 H3GUKGB false
164.50.104.164
 unknown United States
395877 CITYOFTEMPEUS false
119.189.1.228
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
186.87.128.84
 unknown Colombia
10620 TelmexColombiaSACO false
85.75.167.123
 unknown Greece
6799 OTENET-GRAthens-GreeceGR false
170.201.23.211
 unknown United States
10995 PNCBANKUS false
58.107.238.2
 unknown Australia
4804 MPX-ASMicroplexPTYLTDAU false
149.115.174.204
 unknown United States
174 COGENT-174US false
32.112.217.245
 unknown United States
7018 ATT-INTERNET4US false
122.208.130.216
 unknown Japan 17506 UCOMARTERIANetworksCorporationJP false
152.17.81.206
 unknown United States
40245 WAKE-FOREST-UNIVERSITYUS false
74.225.230.168
 unknown United States
19108 SUDDENLINK-COMMUNICATIONSUS false
162.127.57.98
 unknown United States
11714 NETWORKNEBRASKAUS false
138.158.49.77
 unknown United States
1540 DNIC-ASBLK-01534-01546US false
38.185.182.48
 unknown United States
174 COGENT-174US false
80.233.250.207
 unknown Latvia
35182 TERABITS-ASLV false
36.121.253.252
 unknown China
4847 CNIX-APChinaNetworksInter-ExchangeCN false
94.176.2.246
 unknown Romania
3164 ASTIMPRO false
38.14.123.86
 unknown United States
174 COGENT-174US false
160.224.24.111
 unknown Angola
11259 ANGOLATELECOMAO false
163.189.185.181
 unknown Australia
55542 RMSNET-AS-APRoadsandMaritimeServicesAU false
44.239.76.122
 unknown United States
16509 AMAZON-02US false
133.234.153.225
 unknown Japan 7682 HOTNETHOKKAIDOTELECOMMUNICATIONSNETWORKCoIncJP false
101.160.84.36
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
32.114.109.30
 unknown United States
2687 ATGS-MMD-ASUS false
68.192.29.18
 unknown United States
6128 CABLE-NET-1US false
177.171.149.60
 unknown Brazil
26599 TELEFONICABRASILSABR false
217.160.158.149
 unknown Germany
8560 ONEANDONE-ASBrauerstrasse48DE false
200.71.28.76
 unknown Uruguay
20002 TelstarSAUY false
2.199.168.25
 unknown Italy
16232 ASN-TIMServiceProviderIT false
203.205.156.157
 unknown China
132203 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN false
98.139.117.88
 unknown United States
36647 YAHOO-GQ1US false
164.57.42.224
 unknown United States
4583 WESTPUB-AUS false
105.78.90.71
 unknown Morocco
36884 MAROCCONNECTMA false
163.61.118.76
 unknown unknown
2516 KDDIKDDICORPORATIONJP false
128.113.78.20
 unknown United States
91 RPI-ASUS false
64.52.159.107
 unknown United States
7029 WINDSTREAMUS false
177.177.236.44
 unknown Brazil
7738 TelemarNorteLesteSABR false
39.110.0.32
 unknown Japan 2527 SO-NETSo-netEntertainmentCorporationJP false
75.62.181.210
 unknown United States
7018 ATT-INTERNET4US false
113.183.33.183
 unknown Viet Nam
45899 VNPT-AS-VNVNPTCorpVN false
211.185.224.2
 unknown Korea Republic of
10176 DJE-AS-KRDaejonMetropolitanOfficeofEducationKR false
71.251.6.16
 unknown United States
701 UUNETUS false
88.189.160.158
 unknown France
12322 PROXADFR false
181.37.159.163
 unknown Dominican Republic
28118 ALTICEDOMINICANASADO false
188.46.17.147
 unknown Germany
6805 TDDE-ASN1DE false
112.114.205.180
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
124.191.33.17
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
20.132.231.177
 unknown United States
206 CSC-IGN-AMERUS false
161.20.120.102
 unknown Switzerland
19512 LYONDELLUS false
163.110.163.31
 unknown France
17816 CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi false
148.190.120.26
 unknown United States
42652 DELUNETDE false
53.104.93.205
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
46.68.77.178
 unknown United Kingdom
12576 EELtdGB false
13.8.153.84
 unknown United States
26662 XEROX-WVUS false
97.143.115.195
 unknown United States
6167 CELLCO-PARTUS false
110.188.157.114
 unknown China
38283 CHINANET-SCIDC-AS-APCHINANETSiChuanTelecomInternetData false
193.28.138.31
 unknown Germany
30730 ZE-WROCLAW-ASPL false
82.127.162.248
 unknown France
3215 FranceTelecom-OrangeFR false
71.242.141.32
 unknown United States
701 UUNETUS false
157.17.38.57
 unknown Japan 2907 SINET-ASResearchOrganizationofInformationandSystemsN false
151.94.158.206
 unknown Italy
16161 BANCALOMBARDAIT false
71.137.59.104
 unknown China
7018 ATT-INTERNET4US false
121.182.55.15
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
191.62.24.184
 unknown Brazil
22085 ClaroSABR false
163.126.72.41
 unknown United States
1761 TDIR-CAPNETUS false
195.158.190.71
 unknown Germany
20676 PLUSNETDE false
108.150.4.155
 unknown United States
16509 AMAZON-02US false
1.34.67.55
 unknown Taiwan; Republic of China (ROC)
3462 HINETDataCommunicationBusinessGroupTW false
129.147.75.215
 unknown United States
31898 ORACLE-BMC-31898US false
204.114.8.50
 unknown United States
15205 NCPDASUS false
72.216.16.168
 unknown United States
22773 ASN-CXA-ALL-CCI-22773-RDCUS false
109.51.111.3
 unknown Portugal
2860 NOS_COMUNICACOESPT false
121.244.223.41
 unknown India
4755 TATACOMM-ASTATACommunicationsformerlyVSNLisLeadingISP false

Contacted Domains

Name IP Active
daisy.ubuntu.com 162.213.35.24 true