MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7708dd0bb9f300ef1b1e6b27b029a30f982fcf1ac3413c795668b547de0f25ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7708dd0bb9f300ef1b1e6b27b029a30f982fcf1ac3413c795668b547de0f25ee
SHA3-384 hash: e11e8eefd2597a0b90087e01494c9cdef15c98699ef60ad83fedcbfdd7b99827bd090246b804f7db4ba1c519fc52852a
SHA1 hash: acc60e9ec1de45b3c352b01570aadbaa16779598
MD5 hash: 390266ab628b58bb1ac83dedee56ae8e
humanhash: aspen-london-orange-summer
File name:390266ab628b58bb1ac83dedee56ae8e
Download: download sample
Signature Mirai
Create hunting rule
File size:47'628 bytes
First seen:2022-03-24 23:08:31 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:KEHfplpEIdNooGMXm6IiY8BNzXzt2aW/6CXQb3ERDJgGlzDpbuR1Jp:nEnSjfXzrY6B0R5VJu3
TLSH T16823F199143CDACBF50AF4B114A8176049254FB29907F96FBD0EA517AF44DEC9803DEC
Reporter zbetcheckin
Tags:32 elf mips mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
253
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Mirai.4514.20175.6593.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/623cfa1e9253b276b765d1fd/reports/b99b85eb-aeb5-47b8-81f6-fa9f371eee37/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
UPX
Botnet:
unknown
Number of open files:
3
Number of processes launched:
11
Processes remaning?
true
Remote TCP ports scanned:
37215,52869,23
Full report:
https://elfdigest.com/brief/7708dd0bb9f300ef1b1e6b27b029a30f982fcf1ac3413c795668b547de0f25ee
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
2.56.57.187:6745
UDP botnet C2(s):
not identified
Result
Verdict:
UNKNOWN
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/9b2f8a93-96a7-481e-98f2-57387e4caa86
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
spre.troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/964190
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 596674 Sample: mO3rdPdyyX Startdate: 25/03/2022 Architecture: LINUX Score: 64 56 Multi AV Scanner detection for submitted file 2->56 58 Yara detected Mirai 2->58 60 Sample is packed with UPX 2->60 9 systemd logrotate 2->9         started        11 systemd mandb mO3rdPdyyX 2->11         started        13 systemd install 2->13         started        15 systemd find 2->15         started        process3 process4 17 logrotate sh 9->17         started        19 logrotate sh 9->19         started        21 logrotate gzip 9->21         started        23 logrotate gzip 9->23         started        25 mO3rdPdyyX 11->25         started        27 mO3rdPdyyX 11->27         started        29 mO3rdPdyyX 11->29         started        31 3 other processes 11->31 process5 33 sh invoke-rc.d 17->33         started        35 sh rsyslog-rotate 19->35         started        37 mO3rdPdyyX 25->37         started        40 mO3rdPdyyX 25->40         started        signatures6 42 invoke-rc.d runlevel 33->42         started        44 invoke-rc.d systemctl 33->44         started        46 invoke-rc.d ls 33->46         started        48 invoke-rc.d systemctl 33->48         started        50 rsyslog-rotate systemctl 35->50         started        62 Sample tries to kill multiple processes (SIGKILL) 37->62 52 mO3rdPdyyX 40->52         started        process7 process8 54 mO3rdPdyyX 52->54         started       
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/7708dd0bb9f300ef1b1e6b27b029a30f982fcf1ac3413c795668b547de0f25ee/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-03-24 23:09:12 UTC
File Type:
ELF32 Big (Exe)
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  9/10
Tags:
linux
Link:
https://tria.ge/reports/220324-245f3acdcq/
Behaviour
Reads runtime system information
Reads system network configuration
Enumerates active TCP sockets
Modifies hosts file
Modifies the Watchdog daemon
Writes file to system bin folder
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.23
Link:
https://yomi.yoroi.company/submissions/7708dd0bb9f300ef1b1e6b27b029a30f982fcf1ac3413c795668b547de0f25ee

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 7708dd0bb9f300ef1b1e6b27b029a30f982fcf1ac3413c795668b547de0f25ee

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2114496/

Comments


Avatar
zbet commented on 2022-03-24 23:08:33 UTC

url : hxxp://2.56.57.187/bins/mips