MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 4b547f5acbac096bd97268d84df0fefae55ac056bee0d5e0f66b4ee36a0b787a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Mirai
Vendor detections: 6
| SHA256 hash: | 4b547f5acbac096bd97268d84df0fefae55ac056bee0d5e0f66b4ee36a0b787a |
|---|---|
| SHA3-384 hash: | 50588a8c31a98e37659a7f5d44b30c3841b458a6c4f27740707910552d3c9e00fb95f4d026be378248e845ac4897418b |
| SHA1 hash: | 3e135bc3364e3e85936c4d2139792f7b7cea7e39 |
| MD5 hash: | ead6289a8b996071ce38eda65945e852 |
| humanhash: | enemy-ohio-fanta-georgia |
| File name: | Mozi.m |
| Download: | download sample |
| Signature | Mirai |
| File size: | 307'960 bytes |
| First seen: | 2021-06-30 12:00:39 UTC |
| Last seen: | Never |
| File type: | elf |
| MIME type: | application/x-executable |
| ssdeep | 6144:p3lOYoaja8xzx/0wsxzSi/abE5wKSDP99zBa77oNsKqqfPqOJ:p1CG/jsxzX/abEDSDP99zBa/HKqoPqOJ |
| TLSH | A664D08AEE01AF25E9C425BAFE5F034973634B6CD3EBB111E620972537CA54B4F36045 |
| Reporter | |
| Tags: | mirai |
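
The hashes, architecture and packer fields above are exactly what an analyst checks first after downloading the sample. The following is an added triage script, not MalwareBazaar or abuse.ch code: it recomputes MD5/SHA-1/SHA-256 and compares them with this entry, reads the ELF identification bytes (class, endianness, e_machine) to confirm the reported MIPS target, and looks for the `UPX!` marker that UPX leaves in the packed loader. `SAMPLE` is a constructed stub (a fake big-endian MIPS ELF header plus a `UPX!` marker), not the real `Mozi.m` bytes, so its hashes deliberately fail the comparison; point the script at the real download to verify it.

```python
"""Offline triage of a MalwareBazaar download against the entry's metadata.

Added example, not MalwareBazaar code. SAMPLE below is a constructed stub
(a fake big-endian MIPS ELF header followed by a 'UPX!' marker), not the real
Mozi.m bytes, so its hashes will not match the entry; run triage() on the
real file to confirm the hashes before doing anything else with it.
"""
import hashlib
import struct

# Hashes copied from the MalwareBazaar entry for Mozi.m.
EXPECTED = {
    "sha256": "4b547f5acbac096bd97268d84df0fefae55ac056bee0d5e0f66b4ee36a0b787a",
    "sha1": "3e135bc3364e3e85936c4d2139792f7b7cea7e39",
    "md5": "ead6289a8b996071ce38eda65945e852",
}

# ELF e_machine values from the ELF specification (EM_386, EM_MIPS, ...).
EM_NAMES = {3: "x86", 8: "mips", 40: "arm", 62: "x86_64", 183: "aarch64"}

# Constructed stub: ELF magic, ELFCLASS32, ELFDATA2MSB (big-endian), EV_CURRENT,
# padding to 16 bytes, then e_type=ET_EXEC and e_machine=EM_MIPS in big-endian,
# the rest of the 52-byte ELF32 header zeroed, then a 'UPX!' marker where the
# UPX loader info would sit in a packed binary.
SAMPLE = (
    b"\x7fELF" + b"\x01\x02\x01" + b"\x00" * 9
    + b"\x00\x02" + b"\x00\x08"
    + b"\x00" * 32
    + b"UPX!" + b"\x00" * 8
)


def hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the bytes, lowercase hex like the entry."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def elf_info(data: bytes) -> dict:
    """Parse the ELF identification bytes and e_machine; raise on non-ELF input."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = {1: 32, 2: 64}.get(data[4], "unknown")
    endian = {1: "little", 2: "big"}.get(data[5], "unknown")
    # e_type and e_machine are the two 16-bit fields right after e_ident.
    fmt = ">HH" if endian == "big" else "<HH"
    e_type, e_machine = struct.unpack_from(fmt, data, 16)
    return {
        "class": bits,
        "endian": endian,
        "type": {2: "EXEC", 3: "DYN"}.get(e_type, str(e_type)),
        "machine": EM_NAMES.get(e_machine, f"unknown({e_machine})"),
    }


def is_upx(data: bytes) -> bool:
    """UPX-packed ELF files carry the 'UPX!' magic in their packed loader info."""
    return b"UPX!" in data


def triage(data: bytes, expected: dict = EXPECTED) -> dict:
    """Compare computed hashes with the entry and summarise what the binary is."""
    got = hashes(data)
    mismatched = sorted(k for k in expected if got[k] != expected[k])
    return {
        "hashes_match": not mismatched,
        "mismatched": mismatched,
        "size": len(data),
        "elf": elf_info(data),
        "upx": is_upx(data),
    }


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py Mozi.m`; a hash mismatch means you are not looking at the sample this entry describes, and `machine`/`endian` tell you which MIPS emulator or sandbox image to use before unpacking (`upx -d` works only if the UPX header has not been tampered with, which IoT botnet builders often do).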
Intelligence
File Origin
# of uploads: 1
# of downloads: 127
Origin country: n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Mirai-63.UNOFFICIAL
SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL
Unix.Dropper.Botnet-6566040-0
Unix.Packed.Botnet-6566031-0
Unix.Trojan.Gafgyt-6735924-0
Unix.Trojan.Gafgyt-6748839-0
Unix.Trojan.Mirai-7100807-0
Unix.Dropper.Mirai-7135934-0
Unix.Dropper.Mirai-7136013-0
Unix.Dropper.Mirai-7136057-0
Unix.Dropper.Mirai-7136070-0
Unix.Trojan.Mirai-8025795-0
Unix.Trojan.Mirai-9762350-0
Unix.Trojan.Mirai-9763616-0
Unix.Trojan.Mirai-9769616-0
Unix.Exploit.Mirai-9795501-0
Unix.Trojan.Mozi-9840825-0
Unix.Trojan.Mirai-9843255-0
Unix.Trojan.Mirai-9858729-0
Verdict:
Malicious
Uses P2P?:
true
Uses anti-vm?:
false
Architecture:
mips
Packer:
UPX
Botnet:
117.222.164.158:55388
Number of open files:
427
Number of processes launched:
38
Processes remaining?
true
Remote TCP ports scanned:
37215,8181,8081,80,8080,5555,49152,8443,60001,81,52869,7574,2323,23
Behaviour
Process Renaming
Firewall Changes
Information Gathering
Botnet C2s
TCP botnet C2(s):
212.129.33.59:6881
82.221.103.244:6881
130.239.18.159:6881
87.98.162.88:6881
78.196.226.116:6881
185.232.233.66:6881
83.148.36.102:6881
92.97.180.228:6881
150.147.99.230:6881
169.61.218.53:6881
14.198.43.33:6881
5.147.113.151:6881
181.59.245.103:6881
5.196.66.233:6881
95.148.29.179:6881
73.143.177.125:6881
58.96.90.83:6881
68.84.106.208:6881
31.10.128.165:31833
176.62.225.7:51387
119.237.128.209:11092
60.126.40.122:7547
59.115.85.11:13067
117.241.49.188:4000
112.27.124.131:4000
92.100.124.177:34575
93.175.7.150:10245
194.96.83.57:6889
188.25.90.190:6889
46.200.85.158:41108
114.4.222.152:30774
46.188.90.40:51413
46.7.110.92:51413
24.247.13.68:51413
37.187.102.140:51413
91.196.112.68:51413
95.165.154.11:51413
188.165.198.144:51413
146.59.233.88:51413
82.131.245.18:51413
89.149.200.215:51413
194.39.99.59:10499
70.49.151.178:49518
31.10.174.144:16496
27.215.86.41:28042
182.119.182.218:41451
195.154.181.225:47153
195.154.172.169:31421
89.68.28.16:23515
130.0.51.211:38158
5.103.207.3:48501
84.236.108.168:61560
212.40.86.153:50001
172.194.163.138:49001
117.196.31.128:40979
120.156.33.181:18722
178.141.188.45:61773
39.87.200.45:4080
113.87.226.96:17533
78.66.209.192:3547
101.23.236.19:1027
153.101.234.108:1027
115.53.252.242:59679
85.17.65.206:61832
77.121.208.209:13574
37.146.0.5:63434
77.81.142.73:58963
116.68.110.131:31078
184.22.58.109:45682
89.239.165.13:49386
120.231.48.51:3632
120.75.98.179:25327
185.162.184.23:52142
112.24.121.184:14535
14.52.231.113:18023
223.130.31.129:7317
78.37.41.33:9608
120.193.91.193:30301
178.141.43.203:30301
112.83.118.156:30301
112.246.226.87:30301
119.102.149.177:30301
62.4.21.13:8336
188.119.112.117:33619
62.210.209.183:51249
116.49.17.137:41511
116.68.111.50:36065
223.130.31.69:7993
118.79.0.238:55407
94.61.170.52:54938
86.8.218.249:50321
171.35.174.19:19495
113.90.187.19:3669
124.94.226.89:55437
113.88.154.155:31805
112.95.99.51:8082
46.166.142.45:55823
112.27.232.189:22043
213.136.79.7:6966
183.179.168.192:11266
213.136.79.7:6947
178.162.139.155:10230
195.154.179.2:45732
212.129.19.188:48782
46.251.55.247:49335
27.239.173.42:40981
175.164.82.73:46735
86.49.242.2:36605
81.171.18.105:53461
54.38.47.95:22701
46.139.73.37:26356
188.163.52.83:15157
97.122.160.99:52560
71.105.124.238:45613
126.51.206.50:50266
78.92.153.75:1629
185.107.71.5:28129
185.107.71.139:28016
192.168.1.10:8080
112.30.100.228:8080
119.187.110.84:8080
123.25.197.237:49111
115.88.133.148:6592
112.30.1.130:8081
178.72.78.66:13851
116.68.110.50:9959
45.82.176.69:61964
84.53.216.63:6401
120.193.91.198:50970
27.21.146.222:18146
183.56.161.71:33287
133.218.219.65:22373
116.68.97.32:55705
1.10.147.64:35665
212.5.196.87:19015
42.230.142.19:27554
180.188.251.93:64796
180.188.250.140:5363
27.208.100.36:12164
47.115.91.0:29813
125.44.68.219:5937
121.4.99.129:2789
45.87.251.10:28008
121.138.24.94:40628
93.55.225.0:40000
UDP botnet C2(s):
not identified
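
The sandbox labels every endpoint the sample contacted as a "botnet C2", but this entry also reports P2P use and the family is Mozi, so the list mixes peer traffic with anything worth blocking: many entries sit on 6881 to 6889, the default BitTorrent port range, one is the RFC 1918 address 192.168.1.10, and the whole list appears twice. The script below is an added example, not MalwareBazaar or vendor code, showing how to curate such a list before it becomes blocklist or IDS content. `C2_REPORT` is a constructed excerpt of endpoints from this page; the classification is an analyst heuristic (peers on the BitTorrent default ports and private addresses are set aside, everything else is a candidate), and the Suricata SID range is an assumption.

```python
"""Curate a sandbox 'Botnet C2s' list before turning it into blocklist entries.

Added example, not from MalwareBazaar or the sandbox vendor. C2_REPORT is a
constructed excerpt of endpoints listed on this page. The classification rules
are an analyst heuristic: the entry reports P2P use and the family is Mozi, so
peers on 6881-6889 (the default BitTorrent port range) are more likely DHT or
swarm peers than operator-controlled hosts, and RFC 1918 addresses are
sandbox-local artefacts. The SID base for Suricata rules is an assumption.
"""
import ipaddress
from collections import Counter

C2_REPORT = """
212.129.33.59:6881
82.221.103.244:6881
194.96.83.57:6889
46.188.90.40:51413
31.10.128.165:31833
60.126.40.122:7547
192.168.1.10:8080
112.30.100.228:8080
112.30.1.130:8081
117.222.164.158:55388
82.221.103.244:6881
"""

BITTORRENT_DEFAULT_PORTS = range(6881, 6890)


def parse_endpoints(text: str) -> list:
    """Turn 'ip:port' lines into (ip, port) tuples, rejecting malformed lines."""
    endpoints = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        ip = ipaddress.ip_address(host)          # raises ValueError on junk
        endpoints.append((str(ip), int(port)))
    return endpoints


def classify(ip: str, port: int) -> str:
    """Bucket one endpoint: sandbox-local, bittorrent-default-port or candidate."""
    addr = ipaddress.ip_address(ip)
    if addr.is_private or addr.is_loopback or addr.is_reserved:
        return "sandbox-local"
    if port in BITTORRENT_DEFAULT_PORTS:
        return "bittorrent-default-port"
    return "candidate"


def curate(text: str) -> dict:
    """Deduplicate, classify and return the endpoints worth acting on."""
    seen = []
    for ep in parse_endpoints(text):
        if ep not in seen:
            seen.append(ep)
    counts = Counter(classify(ip, port) for ip, port in seen)
    candidates = sorted(f"{ip}:{port}" for ip, port in seen
                        if classify(ip, port) == "candidate")
    return {
        "total": len(seen),
        "dropped_duplicates": len(parse_endpoints(text)) - len(seen),
        "counts": dict(counts),
        "candidates": candidates,
    }


def suricata_rules(candidates: list, sid_base: int = 9000000) -> list:
    """Emit one outbound-connection alert per candidate endpoint."""
    rules = []
    for offset, endpoint in enumerate(candidates):
        ip, _, port = endpoint.rpartition(":")
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Mozi sample 4b547f5a C2 candidate {endpoint}"; '
            f'flow:to_server; sid:{sid_base + offset}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    result = curate(C2_REPORT)
    print(result["counts"], "duplicates dropped:", result["dropped_duplicates"])
    for rule in suricata_rules(result["candidates"]):
        print(rule)
```

Even the "candidate" bucket is a snapshot of peers the sandbox happened to reach on one day; for a P2P botnet the durable indicators are the behaviour (DHT-style UDP traffic, the scanned port set, the `/tmp` and `/bin` writes and watchdog tampering listed below) rather than any single address, so use these rules as short-lived hunting content and expire them.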
Result
Verdict:
MALICIOUS
Malware family:
Mozi
Verdict:
Malicious
Threat name:
Linux.Trojan.Mirai
Status:
Malicious
First seen:
2021-06-30 04:42:32 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
5/5
Result
Malware family:
n/a
Score:
9/10
Tags:
linux
Behaviour
Reads runtime system information
Writes file to tmp directory
Reads system network configuration
Enumerates active TCP sockets
Reads system routing table
Modifies hosts file
Modifies the Watchdog daemon
Writes file to system bin folder
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Delivery method
Distributed via web download