MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0bbd45887eb70506e6acb9da96e8b5b52fcbd732e46b77f7c0f987e5eb74322. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0bbd45887eb70506e6acb9da96e8b5b52fcbd732e46b77f7c0f987e5eb74322
SHA3-384 hash: 2de6dc1b7102f29ce0c5fc8ecfcee690dd8432d7e75fcf57c3b5f6b77a465419ab119b69a6c7a926679bf8cc824657b5
SHA1 hash: 50434e8c734556aa86077149cd84186053e28753
MD5 hash: 9fca70a5f39874afd1677c709f6e7062
humanhash: robin-finch-saturn-butter
File name:9fca70a5f39874afd1677c709f6e7062
Download: download sample
Signature Mirai
Create hunting rule
File size:93'164 bytes
First seen:2022-06-28 11:13:47 UTC
Last seen:2022-06-28 12:00:34 UTC
File type: elf
MIME type:application/x-executable
ssdeep 1536:5+w8kohbeVyloMId6nmHbEl0dN1geBUjdxk0aGi8OUbRWbivbTD0GM:5+DFbeVylo7NbPDBUJxk0Hb4ij0GM
TLSH T163933B557C829A12CAD4227AFA2E028C376563E8D2DF321BDD219F113BC692F0DB7751
telfhash t18ab012d0c80728c8fb800b5380953573a2cfe4260c9800d130c84f0e80703d0f1df50b
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter zbetcheckin
Tags:32 arm elf mirai

Intelligence

File Origin
# of uploads :
2
# of downloads :
151
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/62bae2c5fb0f8ab80892fab4/reports/96e1f65e-db03-4f00-8985-3b40b46163c3/overview
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/61be3980-65fb-457b-bcfc-0b9b4e5704a5
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1021132
Signature
Multi AV Scanner detection for submitted file
Sample deletes itself
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 653631 Sample: qUcnnJJdxQ Startdate: 28/06/2022 Architecture: LINUX Score: 64 22 166.70.47.180 XMISSIONUS United States 2->22 24 13.9.20.78 XEROX-WVUS United States 2->24 26 98 other IPs or domains 2->26 28 Multi AV Scanner detection for submitted file 2->28 30 Yara detected Mirai 2->30 32 Uses known network protocols on non-standard ports 2->32 9 qUcnnJJdxQ 2->9         started        signatures3 process4 signatures5 34 Sample deletes itself 9->34 12 qUcnnJJdxQ 9->12         started        14 qUcnnJJdxQ 9->14         started        process6 process7 16 qUcnnJJdxQ 12->16         started        18 qUcnnJJdxQ 12->18         started        process8 20 qUcnnJJdxQ 16->20         started       
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/c0bbd45887eb70506e6acb9da96e8b5b52fcbd732e46b77f7c0f987e5eb74322/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-06-28 11:14:14 UTC
File Type:
ELF32 Little (Exe)
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yc55iweh5nyfa3tkzoo2s3ullnjpzpltfzdlo734b6mh4xvximra._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/220628-nbzhfsahb5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c0bbd45887eb70506e6acb9da96e8b5b52fcbd732e46b77f7c0f987e5eb74322

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:myMirai
Create hunting rule
Description:Mirai
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf c0bbd45887eb70506e6acb9da96e8b5b52fcbd732e46b77f7c0f987e5eb74322

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2252041/

Comments


Avatar
zbet commented on 2022-06-28 11:13:51 UTC

url : hxxp://103-136-41-100.hosted-by-worldstream.net/bins/ZG9zarm5