MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad36d2cac5800f2fc6456cebbacbeeedd29b7dd89b186a3ec69df40696ba526b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: ad36d2cac5800f2fc6456cebbacbeeedd29b7dd89b186a3ec69df40696ba526b
SHA3-384 hash: 633050f76d12d3e93b706325e267457f9bfc1f8d5257d4540cc9c0e3a1aeffc424f1433ffc4f675858d4009c599db267
SHA1 hash: 8ccf519b3f8b813037388a4ce8b130949a186696
MD5 hash: e66b3de4c9d57ece786d947f9b7b29eb
humanhash: undress-lamp-eight-romeo
File name: e66b3de4c9d57ece786d947f9b7b29eb
Signature: Mirai
File size: 68'352 bytes
First seen: 2021-11-27 23:25:10 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:22uu2JmNsiaQPlge9LM3bvyu/rQUSe4yjCPyxp:2+DPGOLE/dSefjhp
TLSH: T18B63390177584E43D1A21EF9393F17E593EEEE8021F4FA842A0FD64A5271E33494AF99
Reporter: zbetcheckin
Tags: 32 elf mirai powerpc

Intelligence


File Origin
# of uploads: 1
# of downloads: 140
Origin country: n/a

Vendor Threat Intelligence
Verdict: Unknown
Threat level: 0/10
Confidence: 67%
Tags: anti-debug gafgyt mirai
Result
Verdict: MALICIOUS

Result
Threat name:
Detection: malicious
Classification: troj
Score: 68 / 100
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph (ID 529708, sample WzwJmknZ2G, start date 28/11/2021, architecture LINUX, score 68): the rendered graph of the sandbox process tree (systemd spawning logrotate, mandb, install and find, then the sample process and its children) and network contacts (13.22.92.205 on port 23, 14.190.83.181, and 98 other IPs or domains) is not reproduced here; its flagged signatures are the four listed under Signature above.
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2021-11-27 23:26:11 UTC
File Type: ELF32 Big (Exe)
AV detection: 20 of 28 (71.43%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Mirai | elf ad36d2cac5800f2fc6456cebbacbeeedd29b7dd89b186a3ec69df40696ba526b (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2021-11-27 23:25:12 UTC

url : hxxp://103.246.145.79/bins/ppc