MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 263809d8a0ce73d8e933ea7ee3aa7fe621cf375a63ff6ecfcfa1fa5dfaa4ff43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	263809d8a0ce73d8e933ea7ee3aa7fe621cf375a63ff6ecfcfa1fa5dfaa4ff43
SHA3-384 hash:	fc2603c36e5956d294c2e6e35907ed5b801c28f7818d9dd20986953c71847d11e65204bebd12f5df3777d14a2a84df2b
SHA1 hash:	5d5c37275d7ab730c28d149fb356f9f9d713d45f
MD5 hash:	0ee93d0dc90f877daeb90d5488e08d3f
humanhash:	artist-north-sad-comet
File name:	dlr.mips
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'984 bytes
First seen:	2024-12-21 05:10:53 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	24:3u4dsgph8AmsiRD8AmyT/z2HdllP8WzqtWB4u37I8paXDdz3N9l5zBkEp7ilAGnb:exgpEuQ2H7mWz1EXD/9LuEp8nn27qxMM
TLSH	T16E41CC8E1F714EF8F559D93887374B3527AE924847C04249E2ACDA406EC430D89AEBE9
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

104

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30479.LC.UNOFFICIAL

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67664ded8a4d48ee35fda170linux22vpnfull_triage

Tags:

malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Receives data from a server

Connection attempt

Creating a file

Sends data to a server

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug masquerade

Link:

https://www.filescan.io/uploads/67664de9dfd3fc9d659e4511/reports/4fb9ce25-5f70-480d-bf6e-d83441902ac5/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

mips

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/263809d8a0ce73d8e933ea7ee3aa7fe621cf375a63ff6ecfcfa1fa5dfaa4ff43

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Result

Verdict:

UNKNOWN

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/6aca6ab5-3302-4673-988e-1af8dfdfc3b3

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1579229

Signature

Antivirus detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/263809d8a0ce73d8e933ea7ee3aa7fe621cf375a63ff6ecfcfa1fa5dfaa4ff43

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/263809d8a0ce73d8e933ea7ee3aa7fe621cf375a63ff6ecfcfa1fa5dfaa4ff43/

Threat name:

Linux.Downloader.Mirai

Status:

Malicious

First seen:

2024-12-21 05:11:05 UTC

File Type:

ELF32 Big (Exe)

AV detection:

15 of 38 (39.47%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ey4atwfazzz5r2jt5j7ohkt74yq46n22mp7w5t6puh5f36ve75bq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/241221-ft9r5stpgm/

Behaviour

System Network Configuration Discovery

Writes file to tmp directory

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/00788859-7733-4003-b732-969c3047a52a

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/263809d8a0ce73d8e933ea7ee3aa7fe621cf375a63ff6ecfcfa1fa5dfaa4ff43

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 263809d8a0ce73d8e933ea7ee3aa7fe621cf375a63ff6ecfcfa1fa5dfaa4ff43

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3192450/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample