MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a546eda40b208225a420179cdbe3d80de3c846a53b31bf9248be5bc997a6412. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	0a546eda40b208225a420179cdbe3d80de3c846a53b31bf9248be5bc997a6412
SHA3-384 hash:	bfbae43f5e2b167b270b3e9d6da1478a7e3852ed253ef6108f8d64dc6d1eebb5e8e1c2f16c6a4360f19a35ee1f4b91dc
SHA1 hash:	48a9e482fded72bdd84b8521be036e1731e9864f
MD5 hash:	e4cb0bb3cb81e07f4a48605bf7b16939
humanhash:	delta-pennsylvania-autumn-india
File name:	haha.x86
Download:	download sample
Signature	Mirai Create hunting rule
File size:	23'976 bytes
First seen:	2022-07-04 10:50:05 UTC
Last seen:	2022-07-04 13:45:08 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	384:MgWBk2GQ6vc7jkmzzjP0yiY3LD2STaviiGmmasYmOj0/VP3PlAfuESkIkA+v1RnQ:jskC6vcXkmDd3LDjG4In0NP/lAfutgQ
TLSH	T107B2E143951B2C39CC12353512FBADED8E1DBE06CBD6914C29905FA396CA3359836ECD
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter	tolisec
Tags:	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

161

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Linux.Mirai.1.31856.25427.UNOFFICIAL

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/62c2c6197808d6d68ec54ca2/reports/58d79f32-2c7a-48a1-aee8-211be1df6a15/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

x86

Packer:

UPX

Botnet:

74.201.28.102:80/skullnet

Number of open files:

Number of processes launched:

Processes remaning?

true

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/0a546eda40b208225a420179cdbe3d80de3c846a53b31bf9248be5bc997a6412

Behaviour

Process Renaming

Botnet C2s

TCP botnet C2(s):

74.201.28.102:3007

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/35f8ab47-35f8-4a7e-9517-d76dbc068eda

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj.evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1024145

Signature

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/0a546eda40b208225a420179cdbe3d80de3c846a53b31bf9248be5bc997a6412/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2022-07-04 10:51:06 UTC

File Type:

ELF32 Little (Exe)

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bjkg5wsawiecewscaf443pr5qdpdzbdkkozrx6jerps3zgl2mqja._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/220704-mxtcwsgffj/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 0a546eda40b208225a420179cdbe3d80de3c846a53b31bf9248be5bc997a6412

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2253777/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample