MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b33abd7d70cd72f9e6a8b1f4acc0c669018bfa1d2869c958ed742b8d4434709e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 7

SHA256 hash: b33abd7d70cd72f9e6a8b1f4acc0c669018bfa1d2869c958ed742b8d4434709e
SHA3-384 hash: 80acbec9a0e0118e89469421b451a07e716687982f45449d1999fcb19a5e50d6758c5f50a3e81e7b04d0aae05605a8c9
SHA1 hash: e2efa5bd5ea5c1722dc442d8645f8d8c85528c3f
MD5 hash: 78f7f0ccbb215a0d877e3d4afeb072c9
humanhash: magazine-six-rugby-october
File name: r4cks.arm
Signature: Mirai
File size: 30'236 bytes
First seen: 2021-12-08 19:50:09 UTC
Last seen: 2021-12-08 21:31:24 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 768:a9arYEwgeccJjcENBZXsPl1V3THxr8gkus3UozW:ZVcJgEupjQTzW
TLSH: T15ED2D039638C0EBCD5A0683BB936C6692BC74C3463FC3A654E1445B065DF104B9F4DAB
Reporter: tolisec
Tags: mirai

Intelligence

File Origin
# of uploads: 2
# of downloads: 129
Origin country: n/a

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: arm
Packer: UPX
Botnet: 103.246.145.79:80/qh2xj347zu6t2emvb
Number of open files: 52
Number of processes launched: 7
Processes remaining?: false
Remote TCP ports scanned: 5501,37215
Behaviour: Information Gathering
Botnet C2s
TCP botnet C2(s): 103.246.145.79:34241
UDP botnet C2(s): not identified
Result
Verdict: UNKNOWN

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signature:
  Malicious sample detected (through community Yara rule)
  Multi AV Scanner detection for submitted file
  Sample is packed with UPX
  Uses known network protocols on non-standard ports
  Yara detected Mirai
Behaviour
Behavior Graph: [graph image not reproduced; recoverable node text follows] Behavior Graph ID 536694; sample r4cks.arm; start date 08/12/2021; architecture LINUX; score 80. Contacted IPs: 155.94.11.214 (ZOETIS-INCUS, United States), 70.40.0.144 (WOODYNET-1US, United States) and 98 other IPs or domains. Signatures: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Yara detected Mirai; 2 other signatures. Processes started: r4cks.arm (which spawns further r4cks.arm child processes), systemd sshd (twice) and 2 other processes.
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2021-12-08 19:51:11 UTC
File Type: ELF32 Little (Exe)
AV detection: 19 of 28 (67.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (Distributed via web download)
Signature: Mirai
File: elf b33abd7d70cd72f9e6a8b1f4acc0c669018bfa1d2869c958ed742b8d4434709e (this sample)

Comments