MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a514e0ab8e84db630747fe9d38e72063d3f7ffe5f9076c73a3f9ff52eb2d6bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a514e0ab8e84db630747fe9d38e72063d3f7ffe5f9076c73a3f9ff52eb2d6bf
SHA3-384 hash: c6adef08c89e0bd4e69ce9766daf82b028474ec6137392172adbc9d0684d682238c2bd58eaca4c645b4d9f9bb9a1be78
SHA1 hash: 92f86c7294e8f8df3d07aa990b519a00a3f531be
MD5 hash: 37fb8f847b52baf569a69268ee67c9c3
humanhash: mountain-xray-yellow-nevada
File name:armv4l
Download: download sample
Signature Mirai
Create hunting rule
File size:66'964 bytes
First seen:2024-12-15 13:41:16 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:eoQXYZfR+6PI1F1ANdmvVKi2uokcyo/0B9UkapF396VPROBElZKKAThnT7cIHLSL:eEi1rMO2uokcyo/0sZv96bq1KABvcyK
TLSH T140633985BC819A12C5E43277FA2E52CD335227E8E2DE32178D226F51B7CAC2B0D77645
telfhash t1c7d022be8b80918523a06705d2dd22218ae0f0a73b40b09003800bdb4a53800f22fd03
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
138
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Mirai.8670.19939.9860.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=675edf5c8fb73f13afc9f2calinux22vpnfull_triage
Tags:
mirai
Result
Verdict:
Malware
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/675edcadfd0a3e6888683d10/reports/0c89cf44-1a92-4841-8e3e-637c46a6e3f3/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
true
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
15
Number of processes launched:
2
Processes remaning?
true
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/2a514e0ab8e84db630747fe9d38e72063d3f7ffe5f9076c73a3f9ff52eb2d6bf
Behaviour
Anti-VM
Process Renaming
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
type: 172.217.192.127:3478
Result
Verdict:
UNKNOWN
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cb393043-7a5b-4ec2-b646-131626eece4b
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1575432
Signature
Multi AV Scanner detection for submitted file
Opens /sys/class/net/* files useful for querying network interface information
Performs DNS TXT record lookups
Sample deletes itself
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1575432 Sample: armv4l.elf Startdate: 15/12/2024 Architecture: LINUX Score: 60 20 iranistrash.libre 2->20 22 109.202.202.202, 80 INIT7CH Switzerland 2->22 24 4 other IPs or domains 2->24 26 Multi AV Scanner detection for submitted file 2->26 8 armv4l.elf 2->8         started        11 dash rm 2->11         started        13 dash rm 2->13         started        signatures3 28 Performs DNS TXT record lookups 20->28 process4 signatures5 30 Sample deletes itself 8->30 15 armv4l.elf 8->15         started        process6 signatures7 32 Opens /sys/class/net/* files useful for querying network interface information 15->32 18 armv4l.elf 15->18         started        process8
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/2a514e0ab8e84db630747fe9d38e72063d3f7ffe5f9076c73a3f9ff52eb2d6bf
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2a514e0ab8e84db630747fe9d38e72063d3f7ffe5f9076c73a3f9ff52eb2d6bf/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2024-12-15 13:42:05 UTC
File Type:
ELF32 Little (Exe)
AV detection:
4 of 38 (10.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fjiu4cvy5bg3mmdup7u5hdtsay6t6776l6ihnrz2h6p7klvs227q._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/241215-qznf7swjbs/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/26f9fecd-05a2-401f-83e6-9069edca43aa
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2a514e0ab8e84db630747fe9d38e72063d3f7ffe5f9076c73a3f9ff52eb2d6bf

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Generic_Threat_d94e1020
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e432fc214accbdb91b92412c5021a599754808f09d7be16cc8f1b853fa1431cc

Mirai

elf 2a514e0ab8e84db630747fe9d38e72063d3f7ffe5f9076c73a3f9ff52eb2d6bf

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3350368/
  
Delivery method
Distributed via web download
  
Dropped by
SHA256 e432fc214accbdb91b92412c5021a599754808f09d7be16cc8f1b853fa1431cc
  
Dropped by
MD5 d27a27fd79424fb842aad6549535a27d
  
Dropped by
SHA256 0685a6bdbd663be38a18536f9b70dc31e8d7a64d00e48998b87fa9b1d95eab73
  
Dropped by
MD5 aa52882ac2855c42b5a8336b78623f25
  
Dropped by
SHA256 7bfb49dbe438622b5e6b8ccdd7dba17a35d2721a907827643aad9a627461b7d3
  
Dropped by
MD5 78b272587467615f501fd1faedac9a68
  
Dropped by
SHA256 652d2ab3900da5cf25a34b2c2f953b65c19ddc884939a95ec9a4c270cc1bf3c1
  
Dropped by
MD5 28568d0545787be38ccf075246a89119
  
Dropped by
SHA256 f29c3cd591c941f4fad481ed31917a701b873200bae178ce120905aff69762a6
  
Dropped by
MD5 e4b18958c3a062bbdedce38186e0d366
  
Dropped by
SHA256 ac5a11026f814874b9b3aa699833ab0c7874f21044f8829ee07eeb703bf31b10
  
Dropped by
MD5 661b8b80f2627413d3a0c711b9081798
  
Dropped by
SHA256 a42cca9188e76c22c4bf78fb9821155323da79c3e2ad49be53ff3dc3ff074615
  
Dropped by
MD5 a88d115f98e36b3d4e6e0cae26910467
  
Dropped by
SHA256 7ffe4d701312bc48994f01ce6e560242004918e445b87e672469691ee54939c1
  
Dropped by
MD5 2aca51099b8179757a73c9cd9da89dbb
  
Dropped by
SHA256 d52aac17b47d382cccbc70021f7bfd04e0942c938763069f4ce2d1275cf2627a
  
Dropped by
MD5 94c30b567449ed8f949a75789264cbbb
  
Dropped by
SHA256 259fbba0631e74d7bf4df80e80374e834d716a18f8eec97150f956327ac3f830
  
Dropped by
MD5 cd4cebdded77e40668fa4aab0c940c26
  
Dropped by
SHA256 50afe9a363f239c78c6b725fddf37c2911dcb8076c548e44499e6dd87bd34def
  
Dropped by
MD5 8348747ba816afa3a9ee80c023a5da8e
  
Dropped by
SHA256 5953ed54bf58bea2db79f92e341e5259d309593c96a9e40380e5e89810a30f6b
  
Dropped by
MD5 89564c6eb76187d624b6aa8b34353cc0
  
Dropped by
SHA256 2115368633adc9c88136f354dafb791ed0fdb030eca8106813526ac21545adca
  
Dropped by
MD5 a7ee8fd2274ac759f68986764c547c48
  
Dropped by
SHA256 00c35a84aca7822074a8a44b3fc0d3aa1d0527f0526fbbf0b01f48ec6f806e59
  
Dropped by
MD5 0034795da862111208d008754997bc0a

Comments