MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 624c0b9a53a61232afc77c41e4811250001995ffe4df53c46934eb0e5ceef550. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 6
SHA256 hash: 624c0b9a53a61232afc77c41e4811250001995ffe4df53c46934eb0e5ceef550
SHA3-384 hash: 9ba1634cc8af34ebd89f5103254d9c36f0c070544ec5b7f0e76b854d813127db8b17215f636b2b8d8fe3fa1e7ddc9d19
SHA1 hash: bff9156c1c6a993ab1529209a8552fe7f1543b9f
MD5 hash: 34c30ac86505409968f0888efc6c0da9
humanhash: jig-king-three-pip
File name: mipsel-20220501-2200
Signature: Mirai
File size: 29'756 bytes
First seen: 2022-05-01 22:00:00 UTC
Last seen: 2022-05-04 10:31:51 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 384:dq8MwpgfdQW297iiHsU0zUJBql/6YIBF5kfXV4wOD8CVlC9srw4IrRMRqwS5EZj1:hMwnxXASBPuXmwODPZrJsMcl5EZsxWU+
TLSH: T1ABD2D0EAE9997D8ACCBD2C3F758D4B7D9E84F001730FDBEA15128C187206A0999059F4
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
TrID: 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter: tolisec
Tags: mirai

Intelligence


File Origin
# of uploads: 10
# of downloads: 242
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug mirai

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: mips
Packer: UPX
Botnet: 194.31.98.171
Number of open files: 7
Number of processes launched: 1
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour: no suspicious findings
Botnet C2s
TCP botnet C2(s): not identified
UDP botnet C2(s): not identified

Result
Verdict: UNKNOWN

Result
Threat name: Mirai Moobot
Detection: malicious
Classification: troj.evad
Score: 84 / 100
Signature:
Multi AV Scanner detection for submitted file
Sample deletes itself
Sample is packed with UPX
Snort IDS alert for network traffic
Uses known network protocols on non-standard ports
Yara detected Mirai
Yara detected Moobot
Behaviour
Behavior Graph:
Behavior Graph ID: 618745
Sample: mipsel-20220501-2200
Start date: 02/05/2022
Architecture: LINUX
Score: 84
Network nodes: xbot.solutions; 78.30.137.26 port 23 (YUNET-ASRS, Serbia); 99 other IPs or domains
Graph signatures: Snort IDS alert for network traffic; Multi AV Scanner detection for submitted file; Yara detected Moobot; 3 other signatures; Sample deletes itself (attached to the rm process)
Process tree: systemd -> logrotate -> sh -> invoke-rc.d -> runlevel, systemctl, ls, systemctl; logrotate -> sh -> rsyslog-rotate -> systemctl; logrotate -> gzip (two instances); dash -> rm mipsel-20220501-2200 -> mipsel-20220501-2200 -> mipsel-20220501-2200; python3.8 -> uname; 12 other processes
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-05-01 18:53:00 UTC
File Type: ELF32 Little (Exe)
AV detection: 17 of 26 (65.38%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: discovery linux suricata
Behaviour:
Creates a large amount of network flows
Contacts a large (92960) amount of remote hosts
suricata: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
suricata: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | Sample
Web download | Mirai | elf 624c0b9a53a61232afc77c41e4811250001995ffe4df53c46934eb0e5ceef550 (this sample)

Delivery method: Distributed via web download