MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39c5c5e71b28837b6157baa9dd82775b195d82e6269faeb02b68ceeda1031500. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 39c5c5e71b28837b6157baa9dd82775b195d82e6269faeb02b68ceeda1031500
SHA3-384 hash: a46702b72028032121ce468d438ecc4368c45b90e47df13587e45389d6423daa3fb93b72c4c0b60e42df84ac47c5ee00
SHA1 hash: f9c3c2166b63875fd105b79c3439ce2418dcd705
MD5 hash: 03b55f4091a4d6ce088e4f0868d930c9
humanhash: beryllium-green-may-sweet
File name: 03b55f4091a4d6ce088e4f0868d930c9
Signature: Mirai
File size: 27'108 bytes
First seen: 2021-10-16 14:54:54 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:rPnloJzM+8ViY8JNltOShK2Zpb8Pl5o2k:bnlCzP8pAjOYpcl5o2k
TLSH: T18CC2F190B4A5AB76E756317405DF47B4201CED7063E23355D88D802ECA33EAC52A67FA
Reporter: zbetcheckin
Tags: 32 elf intel mirai

Intelligence


File Origin
# of uploads :
1
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
UPX
Botnet:
unknown
Number of open files:
45
Number of processes launched:
5
Processes remaining?
true
Remote TCP ports scanned:
2323,23
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Verdict:
MALICIOUS
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
56 / 100
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
Behavior Graph ID: 504031, Sample: 0xLNdGVNNk, Start date: 16/10/2021, Architecture: LINUX, Score: 56
[Graph image not recovered. Its nodes listed 45.208.154.223 (zain-asGH, Ghana), 45.6.174.234 (ZENAIDEALVESDESOUZAOLIVEIRAECIALTDA-MEBR, Brazil) and 98 other IPs or domains; the three signatures listed above; and the started processes 0xLNdGVNNk (with further started 0xLNdGVNNk processes beneath it) and systemd systemd-resolved.]
Threat name:
Linux.Trojan.Mirai
Status:
Malicious
First seen:
2021-10-16 14:55:05 UTC
AV detection:
15 of 45 (33.33%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 39c5c5e71b28837b6157baa9dd82775b195d82e6269faeb02b68ceeda1031500

(this sample)

  
Delivery method
Distributed via web download

Comments



zbet commented on 2021-10-16 14:54:56 UTC

url : hxxp://45.148.10.245/lx/apep.x86