MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d128b9fad7f6c727da2ff0b0fa3d209131dee5608ddc899b435f407f73c2245. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 5 File information Comments

SHA256 hash: 0d128b9fad7f6c727da2ff0b0fa3d209131dee5608ddc899b435f407f73c2245
SHA3-384 hash: 970040f0e7235ffc535bcf247ee1d37ddf464ce625b67947fadd174045f9c237b07fda42b4aa496f468caa469e6c7949
SHA1 hash: b9712d967d3813a615cb0c54fac3c9cc842be3ff
MD5 hash: d6927f6d08661f042cdcb2e673cb90a3
humanhash: sink-helium-delta-thirteen
File name:x86_64-20220420-1957
Download: download sample
Signature Mirai
File size:62'784 bytes
First seen:2022-04-20 19:57:06 UTC
Last seen:2022-04-20 19:57:14 UTC
File type: elf
MIME type:application/x-executable
ssdeep 1536:v+frsIvYufi7Qq5tWTf3/RJQ1yC76QqQ9LOs:YrsiYsC5Cf3/RJ4y1RQ9
TLSH T1DD534B17A9D441FEC298D1B886FB6931D423B4BC337A758A73C0BF1A7D05EA01F29685
telfhash t1f711c67239a92ae8f0fffd657346f0185ca41da005f13af694b7a8b6db103c104e8153
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter tolisec
Tags:mirai

Intelligence


File Origin
# of uploads :
2
# of downloads :
267
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
anti-debug obfuscated
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
not packed
Botnet:
194.31.98.171
Number of open files:
0
Number of processes launched:
4
Processes remaning?
true
Remote TCP ports scanned:
37215,23
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
212.192.241.70:3074
UDP botnet C2(s):
not identified
Result
Threat name:
Mirai Moobot
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Behaviour
Behavior Graph:
n/a
Threat name:
Linux.Trojan.Mirai
Status:
Malicious
First seen:
2022-04-20 12:09:00 UTC
File Type:
ELF64 Little (Exe)
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  9/10
Tags:
discovery linux
Behaviour
Contacts a large (129867) amount of remote hosts
Creates a large amount of network flows
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:Mirai
Description:Mirai
Rule name:SUSP_XORed_Mozilla
Author:Florian Roth
Description:Detects suspicious XORed keyword - Mozilla/5.0
Reference:Internal Research
Rule name:SUSP_XORed_Mozilla_RID2DB4
Author:Florian Roth
Description:Detects suspicious XORed keyword - Mozilla/5.0
Reference:Internal Research
Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 0d128b9fad7f6c727da2ff0b0fa3d209131dee5608ddc899b435f407f73c2245

(this sample)

  
Delivery method
Distributed via web download

Comments