MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a199c76d115ea1c1c107c3c3cf4a077d8ff03f6524b8ca14ef10bf77f4bd033. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments

SHA256 hash: 1a199c76d115ea1c1c107c3c3cf4a077d8ff03f6524b8ca14ef10bf77f4bd033
SHA3-384 hash: 1cab7785c83a1f61466be332d80b32e94400fea647c331173b27a12df3d9460fe3cd0e3cdbedff58bc48b2ebf689f65a
SHA1 hash: 1f5b21e732f8f10cbb83b07089843a4b159c7e39
MD5 hash: b15734d05e43dc47d98afe4beebc89c5
humanhash: tennessee-georgia-undress-mountain
File name:sora.arm
Download: download sample
Signature Mirai
File size:27'344 bytes
First seen:2022-07-08 03:50:07 UTC
Last seen:2022-07-09 00:50:08 UTC
File type: elf
MIME type:application/x-executable
ssdeep 384:KBH2HEdV7UQDoYQHXxcjllK5+AWaFmK0MF9lz7X6AGexXVzonBY6plN7rhymdGUs:byNUQUfhQllxlaH0MFjlOnGsps3Uozf
TLSH T13BC2F0699228D072F1B45936FEBF01036736CEF8D6EF363622144734E08AC1696B5B4B
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter tolisec
Tags:mirai

Intelligence


File Origin
# of uploads :
3
# of downloads :
156
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
UPX
Botnet:
164.92.85.17:80/bins
Number of open files:
56
Number of processes launched:
13
Processes remaning?
true
Remote TCP ports scanned:
23
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
164.92.85.17:1312
UDP botnet C2(s):
not identified
Result
Threat name:
Detection:
malicious
Classification:
spre.troj.evad
Score:
76 / 100
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 659420 Sample: sora.arm Startdate: 08/07/2022 Architecture: LINUX Score: 76 24 114.209.252.19 XEPHIONNTT-MECorporationJP China 2->24 26 209.156.89.193, 23 WINDSTREAMUS United States 2->26 28 98 other IPs or domains 2->28 32 Multi AV Scanner detection for submitted file 2->32 34 Yara detected Mirai 2->34 36 Uses known network protocols on non-standard ports 2->36 38 Sample is packed with UPX 2->38 8 sora.arm 2->8         started        signatures3 process4 process5 10 sora.arm 8->10         started        12 sora.arm 8->12         started        15 sora.arm 8->15         started        signatures6 17 sora.arm 10->17         started        20 sora.arm 10->20         started        22 sora.arm 10->22         started        40 Sample tries to kill multiple processes (SIGKILL) 12->40 process7 signatures8 30 Sample tries to kill multiple processes (SIGKILL) 17->30
Threat name:
Linux.Trojan.Mirai
Status:
Malicious
First seen:
2022-07-08 03:51:07 UTC
File Type:
ELF32 Little (Exe)
AV detection:
12 of 40 (30.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments