MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab7758ef7bd6258cdbd790e46e95262532eaf9d169170d55d6b6bd9cb24a5aaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

SHA256 hash: ab7758ef7bd6258cdbd790e46e95262532eaf9d169170d55d6b6bd9cb24a5aaa
SHA3-384 hash: b87e1668a8d121b30d8e0194078ca6e334a4d26a2a10f0d7b5537d7aafd58b306d7ca6b4bb8f0e8160a8ae0a98b0fda7
SHA1 hash: 43e1a410a761143f6ebab27315f2c42ef46a7517
MD5 hash: b72b3dc3cead7594f031898f41eaec24
humanhash: kansas-magnesium-summer-floor
File name: sora.arm
Signature: Mirai
File size: 25'004 bytes
First seen: 2022-05-04 21:50:06 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:5X9nxn8o9wnBoWzEQf2EjKb3p3eAs3UozN:5tn+o9wjfBAZ3e1zN
TLSH: T151B2D0717015F8B2C7E50077A9EDDB83FB800EF8D0E8B3295469099DAAD5842BBF1147
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
      49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter: tolisec
Tags: mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 238
Origin country: n/a

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: arm
Packer: UPX
Botnet: 45.95.169.124:80/bins
Number of open files: 56
Number of processes launched: 13
Processes remaining?: true
Remote TCP ports scanned: 23
Behaviour: Process Renaming
Botnet C2s
TCP botnet C2(s): 45.95.169.124:1312
UDP botnet C2(s): not identified
Result
Verdict: MALICIOUS

Result
Threat name:
Detection: malicious
Classification: spre.troj.evad
Score: 64 / 100
Signatures:
  Multi AV Scanner detection for submitted file
  Sample is packed with UPX
  Sample tries to kill multiple processes (SIGKILL)
  Yara detected Mirai
Behaviour
Behavior Graph (graph image not preserved; node data recovered from the export):
Behavior Graph ID: 620603; Sample: sora.arm; Startdate: 05/05/2022; Architecture: LINUX; Score: 64
Network nodes: 168.121.252.81 (holnetinternetproviderBR, Brazil); 165.218.68.26 port 23 (WISCNET1-ASUS, United States); 98 other IPs or domains
Signature nodes: Multi AV Scanner detection for submitted file; Yara detected Mirai; Sample is packed with UPX; Sample tries to kill multiple processes (SIGKILL) (attached to two sora.arm child processes)
Process tree (node labels as exported):
  systemd mandb sora.arm -> sora.arm (3 processes) -> sora.arm (3 processes)
  systemd logrotate -> logrotate sh (2), logrotate gzip (2); logrotate sh -> sh invoke-rc.d -> invoke-rc.d runlevel, invoke-rc.d systemctl (2), invoke-rc.d ls; logrotate sh -> sh rsyslog-rotate -> rsyslog-rotate systemctl
  systemd install
  systemd find
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-05-04 21:51:06 UTC
File Type: ELF32 Little (Exe)
AV detection: 17 of 26 (65.38%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
File type: elf
SHA256: ab7758ef7bd6258cdbd790e46e95262532eaf9d169170d55d6b6bd9cb24a5aaa (this sample)
