MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04b7aac89b88ade586afcff59f8b14caebe325de2ceec0816f3ef0a08eaf6cd1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Moobot


Vendor detections: 7



SHA256 hash: 04b7aac89b88ade586afcff59f8b14caebe325de2ceec0816f3ef0a08eaf6cd1
SHA3-384 hash: 8e2829ccbdc31d7915d66d8a03c84f0c6c32cc9d5d8bca4cd704242962ccf7493fc3cc9ac57092fb26b3b31afc5b0f6e
SHA1 hash: cf907cdec73fbd33ccd2dbee38f75fbf8c17f6c5
MD5 hash: 5a3099efae335c62f1f2cd7d0a4f81ec
humanhash: mike-tango-kentucky-nitrogen
File name: 5a3099efae335c62f1f2cd7d0a4f81ec
Signature: Moobot
File size: 50'884 bytes
First seen: 2024-02-23 10:14:04 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:ctoXq9WTq7lzf415tQWHxD/KrnHq/Oe+O+kYTDqqN:ctKSWO7lzf415OWHxD+nHQOeMk6N
TLSH: T116335B21A97A1E17C0D4A57A62F34329B2F1034F26B8CB2EBD730E4EFF1594461176B5
Reporter: zbetcheckin
Tags: 32 elf mirai Moobot sparc

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: FR
Vendor Threat Intelligence
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: anti-debug

Result
Verdict: MALICIOUS

Result
Threat name:
Detection: malicious
Classification: troj
Score: 64 / 100
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Moobot
Behaviour
Behavior Graph:
[Behavior graph image not reproduced. Behavior Graph ID: 1397569; Sample: GpqAAlRMz4.elf; Startdate: 23/02/2024; Architecture: LINUX; Score: 64. Network nodes: 50.125.193.248 (ZIPLY-FIBER-LEGACY-ASNUS, United States), 155.184.40.35 (ZAMRENZM, United States), 99 other IPs or domains. Processes started: GpqAAlRMz4.elf, which started GpqAAlRMz4.elf, which started GpqAAlRMz4.elf; dash rm.]
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2024-02-23 10:15:05 UTC
File Type: ELF32 Big (Exe)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:mirai linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Moobot
elf 04b7aac89b88ade586afcff59f8b14caebe325de2ceec0816f3ef0a08eaf6cd1 (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2024-02-23 10:14:05 UTC

url : hxxp://5.181.80.126/VB4DC.spc