MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 102ca1bb1e781cf3d07f856331484e84c89bbd3840e88b3f59856682032c049d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	102ca1bb1e781cf3d07f856331484e84c89bbd3840e88b3f59856682032c049d
SHA3-384 hash:	fe5be25fe010092943f4a53937a5f6179db5947250eaa057c6b262dcb0c2939f59d0299f78cd4116f48a2e87e1cd7073
SHA1 hash:	1d7496e7b6721a62f39061bda9a13d7e13bcde2d
MD5 hash:	cee01240d45219070e452d237cea7768
humanhash:	pip-wyoming-skylark-missouri
File name:	mips-20240414-1249
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'096 bytes
First seen:	2024-04-14 12:49:51 UTC
Last seen:	2024-04-14 13:25:35 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	48:ZS+chzgkZ2zEClQximcpcDZJrE8EvqKR4lrpy4IVlK+5m:PkZ6lrmuc3rE8ElR4lrpy4IVT5m
TLSH	T1AB4112CD1B715FA8F4AAD13843334E7176AD5A88A7D18241F1ACD9000E9138E99AFEE5
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter	elfdigest
Tags:	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Receives data from a server

Sends data to a server

Creating a file

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/661bd0fc0b46b30369370697/reports/a1d2a292-3c50-4b04-8aa1-7873b6975d1f/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

mips

Packer:

not packed

Botnet:

103.237.86.195

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/102ca1bb1e781cf3d07f856331484e84c89bbd3840e88b3f59856682032c049d

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/74e20e05-fe06-4e06-b1e6-b0f3beb4ae64

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1425746

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/102ca1bb1e781cf3d07f856331484e84c89bbd3840e88b3f59856682032c049d

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/102ca1bb1e781cf3d07f856331484e84c89bbd3840e88b3f59856682032c049d/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2024-04-14 12:50:06 UTC

File Type:

ELF32 Big (Exe)

AV detection:

6 of 38 (15.79%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cawkdoy6paophud7qvrtcscoqtejxpjyiduiwp2zqvtieazmasoq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240414-p2xbfsbf6s/

Behaviour

Writes file to tmp directory

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/102ca1bb1e781cf3d07f856331484e84c89bbd3840e88b3f59856682032c049d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 102ca1bb1e781cf3d07f856331484e84c89bbd3840e88b3f59856682032c049d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2809919/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2789100/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample