MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5833816db9609f4e8aac8c3869de46d18bae2e41914ac180d699e0281d8a8dec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 13



SHA256 hash: 5833816db9609f4e8aac8c3869de46d18bae2e41914ac180d699e0281d8a8dec
SHA3-384 hash: 64d4dd572e4744c37e32991cb9bef50140deb991013f216200d8d2a8d630484b9160c096e17b0712a65db61b341c7dca
SHA1 hash: 434d0d07a96037a12e595f5350b300412127ad37
MD5 hash: 556cf516e98e88fd0eef65166e87c731
humanhash: mobile-potato-spaghetti-kilo
File name: fuckunix.mips
Signature: Mirai
File size: 73'304 bytes
First seen: 2025-01-04 13:21:43 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:pUC4Gv/1PLn/m9Qfy2rmBh7+0jRb+10WuP:p1t37mb7+oReG
TLSH: T1D263961D7E218FEDFAAD823447B78E21AA5823D627D1D5C4E15CEA011E7024E341FFA9
telfhash: t16c011d1c853853f1d7860d9d67edff76d45141eb46156f738e00f9669711a429e01c1c
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 114
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Opens a port
Connection attempt
Runs as daemon
Substitutes an application name
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug botnet masquerade mirai obfuscated
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: true
Architecture: mips
Packer: not packed
Botnet: unknown
Number of open files: 86
Number of processes launched: 2
Processes remaining?: true
Remote TCP ports scanned: 2323,23
Behaviour
Anti-VM
Process Renaming
Botnet C2s
TCP botnet C2(s): type:Mirai 102.211.232.40:3778
UDP botnet C2(s): not identified
Result
Verdict: MALICIOUS
Result
Threat name:
Detection: malicious
Classification: troj
Score: 72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2025-01-04 13:22:11 UTC
File Type: ELF32 Big (Exe)
AV detection: 17 of 23 (73.91%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai defense_evasion discovery
Behaviour
System Network Configuration Discovery
Changes its process name
Writes file to system bin folder
Modifies Watchdog functionality
Contacts a large (45298) amount of remote hosts
Creates a large amount of network flows
Verdict: Malicious
Tags: trojan gafgyt botnet mirai Unix.Dropper.Mirai-7136013-0
YARA: Linux_Trojan_Gafgyt_28a2fe0c Linux_Gafgyt_May_2024 Mirai_Botnet_Malware
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high
