MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 badc89fd1e3b4d7d2e05ff94be4c70ac032d658b0ca5fac9353e23cd245cc418. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	badc89fd1e3b4d7d2e05ff94be4c70ac032d658b0ca5fac9353e23cd245cc418
SHA3-384 hash:	e5b670d34626aeb09e931499a742caa671501f62c7d8f9a5dd5a8bde7c25102cb18201e48ea65d5c1483fd979d752e9b
SHA1 hash:	74155a3f4178860b90feb572af1d55071a104bf9
MD5 hash:	aad17cba61b4d49007e1234581e304f8
humanhash:	april-jupiter-harry-failed
File name:	x86
Download:	download sample
Signature	Mirai Create hunting rule
File size:	46'288 bytes
First seen:	2021-10-18 21:00:04 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	768:r0U9qSFRmm/dI0prbhaRiejEG2AZHtQaMGO7HEOI3thmDJnnbcuyD7UWyqdvXQGt:IU0cRmipr1aRSYp27Hp8vmlnnouy8Nqz
TLSH	T12123F143681B52CDD399BA728CCFF51D0C59465EC7962BB2B38C5533CFE27622298362
Reporter	tolisec
Tags:	gafgyt mirai

Intelligence

File Origin

# of uploads :

# of downloads :

124

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Unix.Trojan.DarkNexus-7679166-0

Unix.Trojan.Mirai-7669677-0

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/616de060a9d585e6d52c7566/reports/43cb8e2d-b967-447d-a9ca-b7aa1a7b2cef/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

x86

Packer:

custom

Botnet:

45.95.169.115:80/StableBins

Number of open files:

Number of processes launched:

Processes remaning?

true

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/badc89fd1e3b4d7d2e05ff94be4c70ac032d658b0ca5fac9353e23cd245cc418

Behaviour

Process Renaming

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/d6831e7e-dfd8-4951-ac14-e6c0ec74e5e7

Result

Threat name:

Mirai

Detection:

malicious

Classification:

spre.troj

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/872677

Signature

Multi AV Scanner detection for submitted file

Opens /proc/net/* files useful for finding connected devices and routers

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/badc89fd1e3b4d7d2e05ff94be4c70ac032d658b0ca5fac9353e23cd245cc418/

Threat name:

Linux.Trojan.Gafgyt

Status:

Malicious

First seen:

2021-10-18 21:00:18 UTC

AV detection:

13 of 45 (28.89%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/211018-zterjsfffj/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.85

Link:

https://yomi.yoroi.company/submissions/badc89fd1e3b4d7d2e05ff94be4c70ac032d658b0ca5fac9353e23cd245cc418

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf badc89fd1e3b4d7d2e05ff94be4c70ac032d658b0ca5fac9353e23cd245cc418

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1693407/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample