MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07b7f7962a1857bd80cc01125f083a0c9c343b437c4a4e5c84cd9b0518e5e586. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 07b7f7962a1857bd80cc01125f083a0c9c343b437c4a4e5c84cd9b0518e5e586
SHA3-384 hash: 5d437bcd7065f9040ad9b57a68f88f26eae2b6a47ed6390564411297275acccf7507669aa4daf9a3100f9e1756c0b537
SHA1 hash: 86d049af80cf17f77576c1f6b586a3007811ff89
MD5 hash: 8a9bcbe1bdaf65cf72c4043dbf850433
humanhash: arkansas-emma-white-floor
File name: zeno.arm5
Signature: Mirai
File size: 23'408 bytes
First seen: 2022-04-24 21:50:06 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 384:2N5COINa4/g2JBhCXQghxvGnp97t0+qrgQu0rIXfDho4Apj6+vaTXrhymdGUop5j:sgNZhJq7+npUBu0sP1CpeyaT7s3Uozj
TLSH: T129B2D033A669F975DF300CB5DB298386BB97117CD7EE38102094831082DAB5A7179ADE
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
      49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter: tolisec
Tags: mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 286
Origin country: n/a
Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: arm
Packer: UPX
Botnet: 185.44.81.9:80/bins
Number of open files: 0
Number of processes launched: 6
Processes remaining?: false
Remote TCP ports scanned: 80,443,23
Behaviour: no suspicious findings

Botnet C2s
TCP botnet C2(s): 185.44.81.9:9902
UDP botnet C2(s): not identified

Result
Verdict: UNKNOWN

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature:
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Behaviour
Behavior Graph: ID 614617, sample zeno.arm5, start date 25/04/2022, architecture LINUX, score 52

Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-04-24 21:51:06 UTC
File Type: ELF32 Little (Exe)
AV detection: 16 of 26 (61.54%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai, elf 07b7f7962a1857bd80cc01125f083a0c9c343b437c4a4e5c84cd9b0518e5e586 (this sample)

Delivery method: Distributed via web download
