MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d58b8f0e4d0496202a7612d1a6bc5ad69e2fc8d4e1e3891536aad548ca25626. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	6d58b8f0e4d0496202a7612d1a6bc5ad69e2fc8d4e1e3891536aad548ca25626
SHA3-384 hash:	3e35ee2a9a6317a68e0d659c28224533b69bb569c56bf56715a2a9996c992cbd70a4b74edbdb0db94ed9e32993a5b171
SHA1 hash:	a2d5f05421672f78653a98e88a51f416c75e1782
MD5 hash:	fd3b9b33d1ae6ba444349d05b828ba37
humanhash:	illinois-virginia-alaska-north
File name:	bot.arm
Download:	download sample
Signature	Mirai Create hunting rule
File size:	28'108 bytes
First seen:	2022-06-11 20:50:05 UTC
Last seen:	2022-06-14 04:46:29 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	768:KwxlCM2NWBVw6g+dPGzCpR1zm0s3Uozho:K0lCTNWBVl34WpRFUzq
TLSH	T18BC2D01053CB98B5EBF00478D95F8399029A6FF525FD3A7A1A18C3D8B7809CA4C6C1DE
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter	tolisec
Tags:	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

470

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Siggen.9999.26545.22544.UNOFFICIAL

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/62a5000e24ded2bdf721816e/reports/e7f44a85-cf45-4cd5-83eb-239ca8076802/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

UPX

Botnet:

62.197.136.92:80/pumaxnxx

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

Full report:

https://elfdigest.com/brief/6d58b8f0e4d0496202a7612d1a6bc5ad69e2fc8d4e1e3891536aad548ca25626

Behaviour

Information Gathering

Botnet C2s

TCP botnet C2(s):

62.197.136.92:9506

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6bf2a642-cd00-411a-8f01-b30bc1c8a210

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1011500

Signature

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Uses known network protocols on non-standard ports

Behaviour

Behavior Graph:

Download SVG

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/6d58b8f0e4d0496202a7612d1a6bc5ad69e2fc8d4e1e3891536aad548ca25626/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2022-06-11 06:28:22 UTC

File Type:

ELF32 Little (Exe)

AV detection:

12 of 41 (29.27%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nvmlr4he2beweavhmewru26fvvu6f7enjypdrektnkwvjdfckyta._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/220611-zm5pdsfhfj/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6d58b8f0e4d0496202a7612d1a6bc5ad69e2fc8d4e1e3891536aad548ca25626

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 6d58b8f0e4d0496202a7612d1a6bc5ad69e2fc8d4e1e3891536aad548ca25626

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2223339/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2234424/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample