MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2dfbd388ba292b83833bca07d57d3d3fa0b61904708acd52d6f513829c4887c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8


SHA256 hash: 2dfbd388ba292b83833bca07d57d3d3fa0b61904708acd52d6f513829c4887c1
SHA3-384 hash: 0479cc387863ed4761d1c5030a1d6f03364dd059b91d802705ee757b6015adbb5fd0f977f023731c2a7886e6761ac5c4
SHA1 hash: 7c4a5b28669a10e02c6d17090c7a8a176c848005
MD5 hash: c206fc1bf62d85acb9ff300a32ac3070
humanhash: queen-three-jupiter-cardinal
File name: sora.x86
Signature: Mirai
File size: 24'728 bytes
First seen: 2022-05-04 21:50:03 UTC
Last seen: 2025-01-16 00:10:30 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 384:MVDKKQOcRpmYLdn6RBOFRFt5rUFX1DiSIlCo3AnupCFNqnrrd1NEZgO8UXWozPL3:w/QOC0Yhn6ROHWFlAcwNEFCnNBxcdpcw
TLSH: T130B2E195D7FB1BC3C2A19336D07C4A4DE6B31AC00346840A6109764EA2A760E9BFB3E5
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
      49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter: tolisec
Tags: mirai

Intelligence


File Origin
# of uploads: 2
# of downloads: 229
Origin country: n/a

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug mirai

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: x86
Packer: UPX
Botnet: 45.95.169.124:80/bins
Number of open files: 4
Number of processes launched: 7
Processes remaining?: true
Remote TCP ports scanned: 23
Behaviour: Process Renaming
Botnet C2s
TCP botnet C2(s): 45.95.169.124:1312
UDP botnet C2(s): not identified

Result
Verdict: MALICIOUS

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 64 / 100
Signature:
- Multi AV Scanner detection for submitted file
- Sample is packed with UPX
- Uses known network protocols on non-standard ports
- Yara detected Mirai
Behaviour
Behavior Graph: [process graph; header: Behavior Graph ID 620602, Sample sora.x86, Startdate 05/05/2022, Architecture LINUX, Score 64; the graph shows sora.x86 spawning further sora.x86 child processes alongside the sandbox's own systemd/logrotate activity, with the four signatures listed above and contacts to remote IPs]
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-05-04 21:51:05 UTC
File Type: ELF32 Little (Exe)
AV detection: 18 of 25 (72.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: discovery linux
Behaviour:
- Contacts a large (175523) amount of remote hosts
- Creates a large amount of network flows

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, elf 2dfbd388ba292b83833bca07d57d3d3fa0b61904708acd52d6f513829c4887c1 (this sample)

Delivery method: Distributed via web download