MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c004a0a48888f2a1a510e658ed045d92b114acb8f2f3191a723739239c043ab7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: c004a0a48888f2a1a510e658ed045d92b114acb8f2f3191a723739239c043ab7
SHA3-384 hash: 3bf4bbee8fe0a2937bdd0e12f8f0cb1db495ad6959c01d8504f3b836e80a7acabc26817bd99776cc854294154cc63025
SHA1 hash: 6ba287621d05342ccc3c531dac7dc1df1b629837
MD5 hash: 4196cb39d8806514da326a31dd8d5734
humanhash: moon-crazy-princess-florida
File name: 4196cb39d8806514da326a31dd8d5734
Signature: Mirai
File size: 62'856 bytes
First seen: 2021-11-27 23:24:54 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:2aQJAALocuf43z/ai545n9RGDKsrKo4E2CQoYBJ:2jUg37lO90msmE2/3
TLSH: T164539D72C5641D90C19446F0F668CEB90763E20087933FF5459ACAA99497EFCF60A3F9
Reporter: zbetcheckin
Tags: 32 elf mirai renesas

Intelligence


File Origin
# of uploads: 1
# of downloads: 140
Origin country: n/a

Vendor Threat Intelligence
Verdict: Unknown
Threat level: 0/10
Confidence: 67%
Tags: anti-debug mirai

Result
Verdict: MALICIOUS

Result
Threat name:
Detection: malicious
Classification: troj
Score: 76 / 100
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph: ID 529706; Sample: 45ijGj4CVn; Start date: 28/11/2021; Architecture: LINUX; Score: 76
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2021-11-27 23:25:10 UTC
File Type: ELF32 Little (Exe)
AV detection: 20 of 27 (74.07%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:mirai linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai elf c004a0a48888f2a1a510e658ed045d92b114acb8f2f3191a723739239c043ab7 (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2021-11-27 23:24:58 UTC

url : hxxp://103.246.145.79/bins/sh4