MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 808306940bd683b4426621c921240303437618469da8639253be1ac710381a09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 808306940bd683b4426621c921240303437618469da8639253be1ac710381a09
SHA3-384 hash: 593db3b42acf03e22fdf8b7db1aa7ca870c414f3f7f2aaa6109205c77e259cfe70b210b43520317d09db2773c41d5845
SHA1 hash: 1b32a23180d120da05800543c23269fc415f16f4
MD5 hash: 9927e83c4879e2ae251c666a770e5232
humanhash: lithium-sixteen-pip-asparagus
File name: 9927e83c4879e2ae251c666a770e5232
Signature: Mirai
File size: 73'524 bytes
First seen: 2022-04-10 10:26:56 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:awW0PKt9cwxjQ/UIXIdZzN3aD8Utia84GLf84Eo5WOK+7c4R6yN:awsgGdZzN2FtijjESWBryN
TLSH: T132732ADAB800DEBCF40ADAB68557490BF531A3518E930F36662BFD837D720A44D27D86
Reporter: zbetcheckin
Tags: 32 elf mirai motorola

Intelligence


File Origin
# of uploads: 1
# of downloads: 248
Origin country: n/a
Vendor Threat Intelligence
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: anti-debug remote.exe
Result
Verdict: MALICIOUS
Result
Threat name:
Detection: malicious
Classification: troj
Score: 76 / 100
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph: [figure not reproduced; Behavior Graph ID: 606491, Sample: hpv8ziN5Wi, Startdate: 10/04/2022, Architecture: LINUX, Score: 76]
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-04-10 10:27:06 UTC
File Type: ELF32 Big (Exe)
AV detection: 18 of 25 (72.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai elf 808306940bd683b4426621c921240303437618469da8639253be1ac710381a09 (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2022-04-10 10:26:57 UTC

url : hxxp://2.56.59.37/bins/m68k