MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d294e5612b18275d7d84fe86e87ca627f7742be745e82b750e4a18e56928732. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	9d294e5612b18275d7d84fe86e87ca627f7742be745e82b750e4a18e56928732
SHA3-384 hash:	ca79970de92b40543c560840c4293c0d09c36d6073b1cd2a25ff2f7b8dac47f736f7e72e99dd0d7a6d319c1c25be4f2e
SHA1 hash:	8ce67081db61f813d20b22bb4b66d4a83a4de172
MD5 hash:	3131d1635b7c64725b6bf0e5f81b53f0
humanhash:	wisconsin-utah-venus-vegan
File name:	arm7
Download:	download sample
Signature	Mirai Create hunting rule
File size:	58'956 bytes
First seen:	2022-04-14 12:50:04 UTC
Last seen:	2022-04-14 15:50:03 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:+w+KMLxvCy0pbxXxkTwkQz908YosYTsmHdynFLlWz:oKMLNCp/2s/YosYTqzWz
TLSH	T1564302829925DEB0D32524BEBD958619B7092EF4FAFEB9F3172257885EC000025F1BC3
telfhash	t1e29002502f4d1e580b950448002f530680d030a800056215cc4511df5a433913086462
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter	tolisec
Tags:	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

171

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Unix.Trojan.DarkNexus-7679166-0

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/625818b9ffe27d5119ce3f2a/reports/47e2f694-8763-4f62-83be-ed3f3712acce/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

custom

Botnet:

185.44.81.9:80/SBIDIOT

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/9d294e5612b18275d7d84fe86e87ca627f7742be745e82b750e4a18e56928732

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

185.44.81.9:9696

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/664ef52f-6af4-44d5-9263-674318f1fbd3

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/976870

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9d294e5612b18275d7d84fe86e87ca627f7742be745e82b750e4a18e56928732/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2022-04-14 12:51:04 UTC

File Type:

ELF32 Little (Exe)

AV detection:

12 of 26 (46.15%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

7/10

Tags:

linux

Link:

https://tria.ge/reports/220414-p3gbmacde9/

Behaviour

Reads runtime system information

Reads system network configuration

Reads system routing table

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9d294e5612b18275d7d84fe86e87ca627f7742be745e82b750e4a18e56928732

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	upx_antiunpack_elf32 Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	UPX Anti-Unpacking technique to magic renamed for ELF32

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 9d294e5612b18275d7d84fe86e87ca627f7742be745e82b750e4a18e56928732

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2147225/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample