MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 851cfd804618e6c653784e3fdd5866b9efad42c02b188cc0415f4f8fb05bbef1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

SHA256 hash: 851cfd804618e6c653784e3fdd5866b9efad42c02b188cc0415f4f8fb05bbef1
SHA3-384 hash: a44761acb01afa0d02dd9aef99445288af7d43f33e8737df14d7671b116c8ddd9f66b4cbca051f7286a4d6d3afbbeb99
SHA1 hash: c358772de4db5eebd96aad75d3b9fc951b5715c0
MD5 hash: 457ecdf891ccb0610a096c3cfaeb3844
humanhash: nevada-ack-salami-lion
File name: 457ecdf891ccb0610a096c3cfaeb3844
Download: download sample
Signature: Mirai
File size: 34'852 bytes
First seen: 2021-11-29 09:13:47 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:NeOdOoRwYOsrGLw5xH/kgW/dtcgYvBEGJWHXynbcuyD7Uryq+:nEQGLMxH8g6LcguGGSXynouy8mq+
TLSH: T187F2F12901C76359D16CD2797C8FB91A6010470FE45A526077EC7237EEA4BDC2E18B7B
Reporter: zbetcheckin
Tags: 32 elf gafgyt intel mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 125
Origin country: n/a

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: x86
Packer: custom
Botnet: unknown
Number of open files: 2
Number of processes launched: 3
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour: no suspicious findings
Botnet C2s
TCP botnet C2(s): 54.37.79.0:666
UDP botnet C2(s): not identified

Result
Verdict: MALICIOUS

Result
Threat name:
Detection: malicious
Classification: spre.troj
Score: 60 / 100
Signature
Multi AV Scanner detection for submitted file
Opens /proc/net/* files useful for finding connected devices and routers
Yara detected Mirai
Behaviour
Behavior Graph (ID 530262; sample dnPvdw44MX; start date 29/11/2021; architecture LINUX; score 60). Network: 77.209.169.108 port 23 (VODAFONE_ESES, Spain), 113.179.37.107 port 23 (VNPT-AS-VN, Viet Nam), 8 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Yara detected Mirai; Opens /proc/net/* files useful for finding connected devices and routers. Processes started: dnPvdw44MX (which spawns two further dnPvdw44MX instances), dash cut, dash tr, 7 other processes.

Threat name: Linux.Trojan.Gafgyt
Status: Malicious
First seen: 2021-11-28 02:20:09 UTC
File Type: ELF32 Little (Exe)
AV detection: 15 of 28 (53.57%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
elf 851cfd804618e6c653784e3fdd5866b9efad42c02b188cc0415f4f8fb05bbef1 (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2021-11-29 09:13:49 UTC

url : hxxp://54.37.79.0/SBIDIOT/root.keen.onion.1337