MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40b4a8e91427b81ee97fb43a56edce02dce93f88a6c55ad698c50693fb069f6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

SHA256 hash: 40b4a8e91427b81ee97fb43a56edce02dce93f88a6c55ad698c50693fb069f6b
SHA3-384 hash: 1e37ee8924b02cf0e2aa15062ced047009ef4fe6bf3e2205f5347c0376fb045205dc4cb7cf7b31169e068a9ab93cd5f0
SHA1 hash: 9c0d1819f9b9292119560e21b8d2ff4c2f66316d
MD5 hash: 3ad11448f98fc08e6c1107c4327ab97f
humanhash: cardinal-kansas-july-september
File name: 3ad11448f98fc08e6c1107c4327ab97f
Signature: Mirai
File size: 34'108 bytes
First seen: 2021-09-27 13:30:10 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:eyIuM3Lc1tCjtmSPI6QfSxDBY1T0B1Ki9VVDkekKnnbcuyD7UryqK:Rm3Lc/Cjfya9BYV81Ki9HASnouy8mqK
TLSH: T198E2F177D3D18784C2FD20B9906FFD2E488CB24865EE86B7974427B38690F4E21A8711
telfhash: tnull
Reporter: @zbetcheckin
Tags: 32, elf, intel, mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: US
Mail intelligence: No data

Vendor Threat Intelligence
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: x86
Packer: custom
Botnet: unknown
Number of open files: 2
Number of processes launched: 3
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour: no suspicious findings

Botnet C2s
DNS botnet C2(s): not identified
TCP botnet C2(s): 45.142.182.126:666
UDP botnet C2(s): not identified

Result
Threat name:
Detection: malicious
Classification: spre.troj
Score: 60 / 100

Signature
Multi AV Scanner detection for submitted file
Opens /proc/net/* files useful for finding connected devices and routers
Yara detected Mirai

Behaviour
Behavior Graph: [graph image; ID 491760, sample fVNp9NC9l9, start date 27/09/2021, architecture LINUX, score 60. Network contacts: 45.142.182.126:666 (XSSERVERNL, Germany; local port 49078), 109.202.202.202:80 (INIT7CH, Switzerland), and 2 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Yara detected Mirai; Opens /proc/net/* files useful for finding connected devices and routers. Process tree: fVNp9NC9l9 starts a child fVNp9NC9l9, which in turn starts another fVNp9NC9l9.]

Threat name: Linux.Trojan.Gafgyt
Status: Malicious
First seen: 2021-09-27 03:59:13 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
File: elf 40b4a8e91427b81ee97fb43a56edce02dce93f88a6c55ad698c50693fb069f6b (this sample)

Comments


zbet commented on 2021-09-27 13:30:11 UTC

url: hxxp://45.142.182.126/SBIDIOT/root