MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf4970f4aeccabe73c27d30effd532d452c11221438449b70935d13e3dce4669. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: bf4970f4aeccabe73c27d30effd532d452c11221438449b70935d13e3dce4669
SHA3-384 hash: 16a921fd485e80cd66e6397885c5ac23eb99c99698f18c753accf62986adface0efa101fcb06e68ebf8ae1e6c9ca6d69
SHA1 hash: 7dd5659d72d7cd7ecff21d39c1914017d550039e
MD5 hash: 9f80830daeb728268f9a6e1063af4948
humanhash: helium-artist-network-avocado
File name: yakuza.x86
Signature: Mirai
File size: 25'156 bytes
First seen: 2022-01-03 08:00:04 UTC
Last seen: 2022-01-10 04:00:03 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 384:MXVntGznJ+4TpkUs/5/xq72EIEu994mO8S1Zh2wTYfoSvHFGvAmolssAD:onMzJ+4TpkUsB5Wu4aS1tmXOo27
TLSH: T144B2D064727D443FCB7ECA3184EE75B86DD36880860613841F4E9027EA7753BD2B4ADA
Reporter: tolisec
Tags: mirai

Intelligence


File Origin
# of uploads: 3
# of downloads: 167
Origin country: n/a

Vendor Threat Intelligence
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: x86
Packer: UPX
Botnet: 185.204.217.174:80/bins
Number of open files: 2
Number of processes launched: 5
Processes remaining?: true
Remote TCP ports scanned: 2323,23
Behaviour: Process Renaming

Botnet C2s
TCP botnet C2(s): 185.204.217.174:5034
UDP botnet C2(s): not identified

Result
Verdict: MALICIOUS

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature: Multi AV Scanner detection for submitted file; Sample is packed with UPX
Behaviour
Behavior Graph (graph image not reproduced): Behavior Graph ID 547267; sample yakuza.x86; start date 03/01/2022; architecture LINUX; score 52. Network contacts shown: 209.236.196.200:23 (WINDSTREAMUS, United States), 196.135.163.60:23 (Vodafone-EG, Egypt) and 98 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Sample is packed with UPX. Process tree: yakuza.x86 and "dash rm" started from the root, with yakuza.x86 spawning further yakuza.x86 child processes.
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-01-03 08:01:07 UTC
File Type: ELF32 Little (Exe)
AV detection: 14 of 28 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf bf4970f4aeccabe73c27d30effd532d452c11221438449b70935d13e3dce4669

(this sample)

Delivery method
Distributed via web download

Comments