MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46ba2b4a8cb9969855afa52f49cd406fac96a7e1a6641edfbe354314c5124a19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 46ba2b4a8cb9969855afa52f49cd406fac96a7e1a6641edfbe354314c5124a19
SHA3-384 hash: bc9ccf202a5cf96baa9bfd56a2712b4bcdcca9e536bb51f09a65ea4b4924a2e6930824a19564fe48c5a5d9f753afbf31
SHA1 hash: b00db9bfbbbaa3d11de83b698cb8930f6956f8f1
MD5 hash: 7127300e16398b9ea06dba04718766f6
humanhash: oranges-tennessee-magazine-hamper
File name: 7127300e16398b9ea06dba04718766f6
Signature: Mirai
File size: 27'528 bytes
First seen: 2022-03-25 10:09:34 UTC
Last seen: 2022-03-25 11:35:31 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 768:NGMFMVagVGDOL2DpbcxXWt7uc/YVTJgGlzDpUYs1:NlCagb2DpbKXWt7ucAVqYS
TLSH: T1E9C2D13D521010AAF161D9FF07E507517DB18BBBBA07CC0DEB65B187AF1626528C7AB0
Reporter: zbetcheckin
Tags: 32 elf mips mirai

Intelligence


File Origin
# of uploads: 2
# of downloads: 204
Origin country: n/a
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: mips
Packer: UPX
Botnet: unknown
Number of open files: 1
Number of processes launched: 7
Processes remaining?: true
Remote TCP ports scanned: 37215
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s): 103.136.40.243:5034
UDP botnet C2(s): not identified
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-03-25 10:10:23 UTC
File Type: ELF32 Big (Exe)
AV detection: 17 of 26 (65.38%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: linux
Behaviour
Reads runtime system information
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 46ba2b4a8cb9969855afa52f49cd406fac96a7e1a6641edfbe354314c5124a19

(this sample)

  
Delivery method
Distributed via web download

Comments



zbet commented on 2022-03-25 10:09:37 UTC

url : hxxp://103.136.40.243/Cronmips