MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64e0601e1a0a1bb7f8f170ea14efa55b1f17aaefad94edf0b96cfdbebeb689e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7



SHA256 hash: 64e0601e1a0a1bb7f8f170ea14efa55b1f17aaefad94edf0b96cfdbebeb689e8
SHA3-384 hash: 2977db1a33e689e48d43779d2d5a8bbfab610a981d34be2600f1c3a4472d96f3016bae510caaa0f3cd251e01ec342f48
SHA1 hash: f785ac4c47b99459a8ce236aa76df115af76dd7f
MD5 hash: f11d4deb3dc156310b53b21e22c5663a
humanhash: fish-music-jersey-zulu
File name: mirkatclpb.arm
Signature: Mirai
File size: 25'004 bytes
First seen: 2021-09-27 21:50:06 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:QX9nxn8o9wnBoWzEQf2EjKb3pWz9s3Uoz2:Qtn+o9wjfBAZWcz2
TLSH: T1EBB2D0717015B8B3C7A200B79DE9CB83BB811EF8D0E8B3291465099DEAD9942AAF0547
telfhash: tnull
Reporter: @tolisec
Tags: mirai

Intelligence

File Origin
# of uploads: 1
# of downloads: 98
Origin country: US

Mail intelligence
No data

Vendor Threat Intelligence
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: arm
Packer: UPX
Botnet: 178.17.171.119:80/bins
Number of open files: 54
Number of processes launched: 13
Processes remaining?: true
Remote TCP ports scanned: 23

Behaviour
Process Renaming

Botnet C2s
DNS botnet C2(s): not identified
TCP botnet C2(s): 178.17.171.119:1312
UDP botnet C2(s): not identified

Result
Threat name:
Detection: malicious
Classification: spre.troj.evad
Score: 68 / 100

Signature
Sample is packed with UPX
Sample tries to kill many processes (SIGKILL)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses known network protocols on non-standard ports
Yara detected Mirai

Behaviour
Behavior Graph:
(Behavior graph image not reproduced.) Behavior Graph ID: 491830; Sample: mirkatclpb.arm; Start date: 27/09/2021; Architecture: LINUX; Score: 68. The graph shows the sample process tree (mirkatclpb.arm spawning further copies of itself, alongside systemd sshd and 4 other processes), contacted hosts (66.147.85.178 WINDSTREAM, United States; 200.152.162.49 Verizon Media do Brasil Internet Ltda, Brazil; 98 other IPs or domains), and the signatures listed above, with "Sample tries to kill many processes (SIGKILL)" attached to the child processes.
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2021-09-27 21:51:05 UTC
AV detection: 19 of 45 (42.22%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: elf
SHA256 hash: 64e0601e1a0a1bb7f8f170ea14efa55b1f17aaefad94edf0b96cfdbebeb689e8 (this sample)

Delivery method: Distributed via web download

Comments