MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f3d3f40cc6319576e8e256e1ed4877ceddf8ef23abac825820decde4080f39c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6f3d3f40cc6319576e8e256e1ed4877ceddf8ef23abac825820decde4080f39c
SHA3-384 hash: 210ab5f39b9d14108c76970b74ddd2ff4f32b474183ad2a8165329208eb019d3be1712f9452cc26c7c2c599819892a66
SHA1 hash: 42a1651c9d7f234b7217a802a43a7142e9093b5a
MD5 hash: 831da18750fbfbbba5db2ee23e32593f
humanhash: social-nevada-cat-batman
File name:b3astmode.arm7
Download: download sample
Signature Mirai
Create hunting rule
File size:46'852 bytes
First seen:2021-12-03 17:00:05 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:cHq8XdG1zvTZB9I3EETNRLbBGdy86lUnlNnkDhbp/9q3UELMyBZ25Z7X30kI:cHq8XdKzLX9IU8LcJnn0aLMHFrI
TLSH T1212302B90B0599215E7E9EB9E9B406812F970F7DDCCA288D50B453E93A405933CF4A8F
Reporter tolisec
Tags:mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
165
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Unix.Trojan.Mirai-9837848-0
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/61aa4d1847ed217c0130150e/reports/43446ede-fc9b-4151-a5cb-2d0a3330e377/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
UPX
Botnet:
103.246.145.79:80/beastmode
Number of open files:
52
Number of processes launched:
7
Processes remaning?
false
Remote TCP ports scanned:
5501,37215
Full report:
https://elfdigest.com/brief/6f3d3f40cc6319576e8e256e1ed4877ceddf8ef23abac825820decde4080f39c
Behaviour
Information Gathering
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4cfe2bc2-0e7b-474e-a732-4f9fd5109a89
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/901042
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 533524 Sample: b3astmode.arm7 Startdate: 03/12/2021 Architecture: LINUX Score: 64 28 173.184.40.89 WINDSTREAMUS United States 2->28 30 206.217.236.68, 5501 WINDSTREAMUS United States 2->30 32 98 other IPs or domains 2->32 34 Multi AV Scanner detection for submitted file 2->34 36 Yara detected Mirai 2->36 38 Uses known network protocols on non-standard ports 2->38 40 Sample is packed with UPX 2->40 8 b3astmode.arm7 2->8         started        10 systemd sshd 2->10         started        12 systemd sshd 2->12         started        signatures3 process4 process5 14 b3astmode.arm7 8->14         started        16 b3astmode.arm7 8->16         started        18 b3astmode.arm7 8->18         started        process6 20 b3astmode.arm7 14->20         started        22 b3astmode.arm7 14->22         started        24 b3astmode.arm7 14->24         started        26 b3astmode.arm7 14->26         started       
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/6f3d3f40cc6319576e8e256e1ed4877ceddf8ef23abac825820decde4080f39c/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2021-12-03 17:00:12 UTC
File Type:
ELF32 Little (Exe)
AV detection:
16 of 45 (35.56%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  9/10
Tags:
linux
Link:
https://tria.ge/reports/211203-vhz6wscad5/
Behaviour
Reads runtime system information
Reads system network configuration
Enumerates active TCP sockets
Write file to user bin folder
Writes file to system bin folder
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.32
Link:
https://yomi.yoroi.company/submissions/6f3d3f40cc6319576e8e256e1ed4877ceddf8ef23abac825820decde4080f39c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 6f3d3f40cc6319576e8e256e1ed4877ceddf8ef23abac825820decde4080f39c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1848819/
  
Delivery method
Distributed via web download

Comments