MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b09a99971437e00e465ab6a78eba7e134d7500327707cc8b52706f9e7ccf5691. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b09a99971437e00e465ab6a78eba7e134d7500327707cc8b52706f9e7ccf5691
SHA3-384 hash: 7d66e8da3e666bfbe6c4882e713132cf8078980ac89ef933da61f98a8a44d098b7064487135c9eba9a2f1b39bd0a06c2
SHA1 hash: 6df0915b09caa427afe192b42b8ff729ee6260b1
MD5 hash: 4548f3e085318bbcf097841eab3ca7ee
humanhash: utah-glucose-eleven-oregon
File name:4548f3e085318bbcf097841eab3ca7ee
Download: download sample
Signature Mirai
Create hunting rule
File size:60'412 bytes
First seen:2022-04-16 23:09:12 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:eLobAxU6q9Hfymp0xginuYvCkLB6WsTwIC1DQdszoDaS0O+DCD+:eL0AxvSHfymp0xgunvCkV6vTMDauV
TLSH T1F3432925AD792E26C0D8B57E11F78724F2E2620E25B8C65E3C721E4EEF04740A5537BA
Reporter zbetcheckin
Tags:32 elf mirai sparc

Intelligence

File Origin
# of uploads :
1
# of downloads :
364
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Unix.Dropper.Mirai-7135890-0
Create hunting rule

Unix.Dropper.Mirai-7135939-0
Create hunting rule

Unix.Dropper.Mirai-7136025-0
Create hunting rule

Unix.Trojan.Mirai-9819563-0
Create hunting rule

Unix.Trojan.Mirai-9820623-0
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug gafgyt mirai
Link:
https://www.filescan.io/uploads/625b4ccbeab80a7a6c29a4de/reports/34427d2a-cb0a-4750-82f6-4dd9b34c913c/overview
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/acbd0741-a290-44b8-adcb-7496bf063f41
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/977763
Signature
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 610250 Sample: HcYMI1DDbn Startdate: 17/04/2022 Architecture: LINUX Score: 60 81 196.142.99.45 Vodafone-EG Egypt 2->81 83 189.232.71.28 UninetSAdeCVMX Mexico 2->83 85 98 other IPs or domains 2->85 87 Multi AV Scanner detection for submitted file 2->87 89 Yara detected Mirai 2->89 91 Uses known network protocols on non-standard ports 2->91 11 systemd logrotate 2->11         started        13 systemd mandb HcYMI1DDbn 2->13         started        15 systemd install 2->15         started        17 systemd find 2->17         started        signatures3 process4 process5 19 logrotate sh 11->19         started        21 logrotate sh 11->21         started        23 logrotate sh 11->23         started        31 4 other processes 11->31 25 HcYMI1DDbn 13->25         started        27 HcYMI1DDbn 13->27         started        29 HcYMI1DDbn 13->29         started        process6 33 sh invoke-rc.d 19->33         started        35 sh rsyslog-rotate 21->35         started        37 sh rsyslog-rotate 23->37         started        39 HcYMI1DDbn 25->39         started        41 HcYMI1DDbn 25->41         started        43 HcYMI1DDbn 27->43         started        45 HcYMI1DDbn 27->45         started        47 HcYMI1DDbn 27->47         started        49 HcYMI1DDbn 27->49         started        process7 51 invoke-rc.d runlevel 33->51         started        63 3 other processes 33->63 53 rsyslog-rotate systemctl 35->53         started        55 rsyslog-rotate systemctl 37->55         started        57 HcYMI1DDbn 39->57         started        65 3 other processes 39->65 67 3 other processes 43->67 59 HcYMI1DDbn 45->59         started        61 HcYMI1DDbn 47->61         started        process8 69 HcYMI1DDbn 57->69         started        71 HcYMI1DDbn 57->71         started        73 HcYMI1DDbn 57->73         started        75 HcYMI1DDbn 65->75         started        77 HcYMI1DDbn 67->77         started        process9 79 HcYMI1DDbn 69->79         started       
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/b09a99971437e00e465ab6a78eba7e134d7500327707cc8b52706f9e7ccf5691/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-04-16 23:10:04 UTC
File Type:
ELF32 Big (Exe)
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b09a99971437e00e465ab6a78eba7e134d7500327707cc8b52706f9e7ccf5691

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf b09a99971437e00e465ab6a78eba7e134d7500327707cc8b52706f9e7ccf5691

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2150840/

Comments


Avatar
zbet commented on 2022-04-16 23:09:14 UTC

url : hxxp://205.185.116.110/spc