MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b196ae24735184f69e3ea422bcb241d5b546f3d307e92bc998ca018c8122602f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b196ae24735184f69e3ea422bcb241d5b546f3d307e92bc998ca018c8122602f
SHA3-384 hash:	38379482576b8aa55a7c276e8046bdfb515150aa49c9b161362a844a793b59c4c70d38ab9ee1166ae95682c4989c77a2
SHA1 hash:	900c65789168c4885bcc7231eca5d194fd219f2e
MD5 hash:	6582e6b6a7a5825126450bd687312af6
humanhash:	yellow-romeo-three-diet
File name:	harm
Download:	download sample
Signature	Mirai Create hunting rule
File size:	12'932 bytes
First seen:	2022-04-09 10:50:06 UTC
Last seen:	2022-04-09 11:37:18 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	192:qaql7CvP56dNFhYNy8fypx73W7VapdU1jEVDQYieYgGecz6rTALGt:tqlevP56d7a/s3W7DjEyYdY2pACt
TLSH	T17B42C0E4E0A1F922F37DA837417FE8EC34053A42EBAB245679285C110767051FF835A3
Reporter	tolisec
Tags:	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

265

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.DownLoader.975.25257.24687.UNOFFICIAL

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/6251651f04b81dabe265c8f3/reports/2c4c3e5b-9ff4-46d9-86cc-0ace937b3666/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

UPX

Botnet:

192.210.132.120:80/wrgjwrgjwrg246356356356

Number of open files:

Number of processes launched:

Processes remaning?

true

Remote TCP ports scanned:

2323,23

Full report:

https://elfdigest.com/brief/b196ae24735184f69e3ea422bcb241d5b546f3d307e92bc998ca018c8122602f

Behaviour

Process Renaming

Botnet C2s

TCP botnet C2(s):

192.210.132.120:80
192.210.132.120:3884

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/bbd032e3-f4bb-4209-912a-1299aa66400b

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/973741

Signature

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b196ae24735184f69e3ea422bcb241d5b546f3d307e92bc998ca018c8122602f/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2022-04-09 10:51:09 UTC

File Type:

ELF32 Little (Exe)

AV detection:

16 of 26 (61.54%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/220409-mxtcwshbg6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.23

Link:

https://yomi.yoroi.company/submissions/b196ae24735184f69e3ea422bcb241d5b546f3d307e92bc998ca018c8122602f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf b196ae24735184f69e3ea422bcb241d5b546f3d307e92bc998ca018c8122602f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2138701/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample