MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e8755348f8c2bd8751be7fd4dc148993a7d6def3e5b2dbef2e1cba28f9337b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	9e8755348f8c2bd8751be7fd4dc148993a7d6def3e5b2dbef2e1cba28f9337b9
SHA3-384 hash:	e901edf0096a40292693668bd330744c99e68896b494b6e37d77f935b8cb1322095d9efdd35054e56ec8303a0fb4ff2d
SHA1 hash:	63b1f495258dd2aa4e7bde8a24c61ed257ca3080
MD5 hash:	1e57a98da7ed7c9ee216cf4109db6411
humanhash:	mexico-cold-diet-uranus
File name:	meerkat.arm
Download:	download sample
Signature	Mirai Create hunting rule
File size:	28'892 bytes
First seen:	2021-11-25 09:00:07 UTC
Last seen:	2021-11-25 10:42:13 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	384:YsXTsXqPPk1zzqnZu/k32+3A1u2UxSKTgHPYsNKfS/bMU/QQNDRhymdGUop5hf:Y3akDaW1unxSKTRObvzNFs3UozZ
TLSH	T18AD2D0F8C22D16BB87109C35B99883865B670BB921EF7415106129D8FA83C5FE9E5E0B
Reporter	tolisec
Tags:	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

110

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Mirai.A.10417.11992.UNOFFICIAL

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/619f509a02c80febc2a8fcfe/reports/e72bb499-957a-4e70-ae42-c343b0d8e6ee/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

UPX

Botnet:

107.189.8.97:80/bins

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

2323,23

Full report:

https://elfdigest.com/brief/9e8755348f8c2bd8751be7fd4dc148993a7d6def3e5b2dbef2e1cba28f9337b9

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

107.189.8.97:34129

UDP botnet C2(s):

not identified

Result

Verdict:

UNKNOWN

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e1c0ee55-016c-4205-95af-54d56ed5d9d3

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/895968

Signature

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/9e8755348f8c2bd8751be7fd4dc148993a7d6def3e5b2dbef2e1cba28f9337b9/

Threat name:

Linux.Trojan.Multiverze

Status:

Malicious

First seen:

2021-11-25 09:01:11 UTC

File Type:

ELF32 Little (Exe)

AV detection:

13 of 27 (48.15%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/211125-kywtasaad6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/9e8755348f8c2bd8751be7fd4dc148993a7d6def3e5b2dbef2e1cba28f9337b9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 9e8755348f8c2bd8751be7fd4dc148993a7d6def3e5b2dbef2e1cba28f9337b9

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1815843/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample