MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72299a7a7f5587c72cdadf954c751b015c9e391789eca07ec0ab6e4447f9237f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 72299a7a7f5587c72cdadf954c751b015c9e391789eca07ec0ab6e4447f9237f
SHA3-384 hash: 3ddd3fc9d441e88042f9c29870644b6fdb8bfe04160175af815af536bc445e3f455aeec69a3ad18eb173e66b84746384
SHA1 hash: b7f6d999edd760e95b88ce4de48e4a5c84a1602f
MD5 hash: 9d301b5475389c81a0d3fc551e27c181
humanhash: speaker-november-grey-oklahoma
File name: arm
Signature: Mirai
File size: 72'916 bytes
First seen: 2021-11-27 22:50:08 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:b9iZITLJhiCl7hp2zFNAiQiCRLsqbSSsUHkLvonV:b9ig9hiytcRraLsqZJgQV
TLSH: T11C633981BC919A02CAC012B6FE5F519E371613D9D2EA3217EC15AF2077CB91B0E7B256
telfhash: t13a41cef68b710aec2be9d78842cf506c8ab935ba5f112c5a8748b75fc0931c1f21ec16
Reporter: tolisec
Tags: mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 138
Origin country: n/a
Vendor Threat Intelligence
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: anti-debug
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: arm
Packer: not packed
Botnet: 103.246.145.79:80/bins
Number of open files: 31
Number of processes launched: 4
Processes remaining?: true
Remote TCP ports scanned: 2323,23
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s): 103.246.145.79:5555
UDP botnet C2(s): not identified
Result
Verdict: MALICIOUS
Result
Threat name:
Detection: malicious
Classification: troj
Score: 72 / 100
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Behaviour
Behavior Graph:
[Behavior graph: ID 529704, sample arm, start date 28/11/2021, architecture LINUX, score 72]
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2021-11-27 22:51:11 UTC
File Type: ELF32 Little (Exe)
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 72299a7a7f5587c72cdadf954c751b015c9e391789eca07ec0ab6e4447f9237f

(this sample)

  
Delivery method
Distributed via web download
