MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5850d800a6b19d010552f5c5a2b4f2cdebb437a5ff5be1c09f3e014c3087e80f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5850d800a6b19d010552f5c5a2b4f2cdebb437a5ff5be1c09f3e014c3087e80f
SHA3-384 hash: 3d665bcb744d54359b2da4a6cdc49596073585a67eede1c92302ccbd5808b92212cab40891c9fb73bcfed03d4a083d6a
SHA1 hash: 057694607e2f8042a52af8f1412a908c216ccb84
MD5 hash: 87d9889487d16a7b4540aa22f88ebd81
humanhash: hawaii-foxtrot-fix-romeo
File name:87d9889487d16a7b4540aa22f88ebd81
Download: download sample
Signature Mirai
Create hunting rule
File size:29'992 bytes
First seen:2022-06-10 21:07:21 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:FNPv4DvmpNQEI1A9xQCJeX10tw49zBTROnbcuyD7UHQRjDh:FJv6q0KxFeX1099VTROnouy8Hynh
TLSH T13CD2E16A8CE62B0BE50C117474CE2D05CC72510E3189C847FA955C7BDC69F7B7A28347
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter zbetcheckin
Tags:32 elf gafgyt intel mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
339
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Unix.Dropper.Mirai-7135858-0
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/62a3b2b48763ffd4adaeec43/reports/12dedb58-fde5-4289-bf34-ae275ce73378/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
UPX
Botnet:
unknown
Number of open files:
1
Number of processes launched:
7
Processes remaning?
false
Remote TCP ports scanned:
23
Full report:
https://elfdigest.com/brief/5850d800a6b19d010552f5c5a2b4f2cdebb437a5ff5be1c09f3e014c3087e80f
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
62.197.136.92:9506
UDP botnet C2(s):
not identified
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8784a6cd-16f7-4494-aa18-68d871b6a4d0
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1011125
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 643625 Sample: fBPLxnorxK Startdate: 10/06/2022 Architecture: LINUX Score: 64 22 173.185.167.210 WINDSTREAMUS United States 2->22 24 94.218.155.35, 23 VODANETInternationalIP-BackboneofVodafoneDE Germany 2->24 26 98 other IPs or domains 2->26 28 Multi AV Scanner detection for submitted file 2->28 30 Yara detected Mirai 2->30 32 Uses known network protocols on non-standard ports 2->32 34 Sample is packed with UPX 2->34 8 fBPLxnorxK 2->8         started        signatures3 process4 process5 10 fBPLxnorxK 8->10         started        12 fBPLxnorxK 8->12         started        14 fBPLxnorxK 8->14         started        process6 16 fBPLxnorxK 10->16         started        18 fBPLxnorxK 10->18         started        20 fBPLxnorxK 10->20         started       
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/5850d800a6b19d010552f5c5a2b4f2cdebb437a5ff5be1c09f3e014c3087e80f/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-06-10 21:08:06 UTC
File Type:
ELF32 Little (Exe)
AV detection:
16 of 40 (40.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lbinqafgwgoqcbks6xc2fnhszxv3in5f75n6dqe7hyauymeh5ahq._file
Result
Malware family:
n/a
Score:
  9/10
Tags:
discovery linux
Link:
https://tria.ge/reports/220610-zyv94abhd4/
Behaviour
Unexpected DNS network traffic destination
Contacts a large (20161) amount of remote hosts
Creates a large amount of network flows
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5850d800a6b19d010552f5c5a2b4f2cdebb437a5ff5be1c09f3e014c3087e80f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 5850d800a6b19d010552f5c5a2b4f2cdebb437a5ff5be1c09f3e014c3087e80f

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2233441/

Comments


Avatar
zbet commented on 2022-06-10 21:07:37 UTC

url : hxxp://62.197.136.92/xnxx/vailon.i486