MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ba1813314119c4892b8f4e0022cd3d48baad486a7a22149b29ecbfa5a4d3487. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9ba1813314119c4892b8f4e0022cd3d48baad486a7a22149b29ecbfa5a4d3487
SHA3-384 hash: ee8cdd596ec81a6418bd5d845b06bd184ea0b298e49f3286be480049ca669b0e4610c27b243a12659103e902370d9578
SHA1 hash: 8440088d52d5bb4843da96df82ef410125009ff1
MD5 hash: a4070185f38fce78e0573d6c6ab3b3b7
humanhash: happy-blossom-california-river
File name:vailon.mips
Download: download sample
Signature Mirai
Create hunting rule
File size:29'764 bytes
First seen:2022-06-10 11:52:07 UTC
Last seen:2022-06-10 16:05:24 UTC
File type: elf
MIME type:application/x-executable
ssdeep 768:C6fVfZgQzx415XnvTzfDVk4y+9LUuCN+/EfQJ0JgGlzDpbuR1Jf:CuXSXvTuELaN7KsVJuJ
TLSH T1C9D2CFBD972A8595ED1AA07A2FD413F03E340F33DD0158463E4D9A83CC9AA9C7C985E6
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter tolisec
Tags:mirai

Intelligence

File Origin
# of uploads :
5
# of downloads :
252
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Siggen.9999.4730.22316.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/62a33081a454cbb2f2ef5bd6/reports/e5c050dd-21e7-445f-99f6-28a4930bf910/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
UPX
Botnet:
62.197.136.92/xnxx
Number of open files:
15
Number of processes launched:
7
Processes remaning?
false
Remote TCP ports scanned:
23
Full report:
https://elfdigest.com/brief/9ba1813314119c4892b8f4e0022cd3d48baad486a7a22149b29ecbfa5a4d3487
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
62.197.136.92:9506
UDP botnet C2(s):
not identified
Result
Verdict:
UNKNOWN
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e80027eb-945f-4890-bac2-30043ef81ab2
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1010808
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 643321 Sample: vailon.mips Startdate: 10/06/2022 Architecture: LINUX Score: 64 22 105.246.145.189 Vodacom-VBZA South Africa 2->22 24 213.117.33.121, 23 UUNETUS European Union 2->24 26 98 other IPs or domains 2->26 28 Multi AV Scanner detection for submitted file 2->28 30 Yara detected Mirai 2->30 32 Uses known network protocols on non-standard ports 2->32 34 Sample is packed with UPX 2->34 8 vailon.mips 2->8         started        signatures3 process4 process5 10 vailon.mips 8->10         started        12 vailon.mips 8->12         started        14 vailon.mips 8->14         started        process6 16 vailon.mips 10->16         started        18 vailon.mips 10->18         started        20 vailon.mips 10->20         started       
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/9ba1813314119c4892b8f4e0022cd3d48baad486a7a22149b29ecbfa5a4d3487/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-06-10 11:53:04 UTC
File Type:
ELF32 Big (Exe)
AV detection:
14 of 40 (35.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=toqycmyucgoerevy6tqaelgt2sf2vvegu6rccsnst3f7uwsngsdq._file
Result
Malware family:
n/a
Score:
  9/10
Tags:
discovery linux
Link:
https://tria.ge/reports/220610-n2aa9aagbl/
Behaviour
Reads runtime system information
Reads system network configuration
Enumerates active TCP sockets
Contacts a large (20273) amount of remote hosts
Creates a large amount of network flows
Modifies the Watchdog daemon
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9ba1813314119c4892b8f4e0022cd3d48baad486a7a22149b29ecbfa5a4d3487

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 9ba1813314119c4892b8f4e0022cd3d48baad486a7a22149b29ecbfa5a4d3487

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2223338/
  
Delivery method
Distributed via web download

Comments