MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c263834917afb9dee55df87377bf9dadf58d444ecc3de026db794e141541e99c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c263834917afb9dee55df87377bf9dadf58d444ecc3de026db794e141541e99c
SHA3-384 hash: afa8efb0fd26aa570915c543b2d046aad682ce1bc552c84f3414d3d6099e3b113706b5546ad133eec47c3dbc1cd883f8
SHA1 hash: 66bc3014e7b5f2153e300ebff921be70f4f654af
MD5 hash: b408480c9acc448463187aff9c3add01
humanhash: purple-snake-finch-tango
File name:x86
Download: download sample
Signature Mirai
Create hunting rule
File size:62'864 bytes
First seen:2022-04-17 01:50:03 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:Z7qARubgzY/bEJyDRcp880LDHhklv4JQC9DSW:NP+eY/bEJRgXBk9AP9l
TLSH T19D536DC9E5C3E5F5EC110A71313BEF3286B7E67D2069DFA7D3986432AA11A02D11639C
telfhash t1012134f7297e1de8e7d5a404831a6e521e9ee03f291032a005238a2137a7dc290b9c79
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter tolisec
Tags:mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
303
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Unix.Dropper.Mirai-7136015-0
Create hunting rule

Unix.Trojan.Mirai-9876194-0
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug mirai remote.exe
Link:
https://www.filescan.io/uploads/625b7286ffe27d5119eda92b/reports/079e081f-8abe-4224-adf4-d8581887c325/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
not packed
Botnet:
46.166.185.68:80/bins
Number of open files:
1
Number of processes launched:
5
Processes remaning?
true
Remote TCP ports scanned:
2323,23
Full report:
https://elfdigest.com/brief/c263834917afb9dee55df87377bf9dadf58d444ecc3de026db794e141541e99c
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
46.166.185.68:5555
UDP botnet C2(s):
not identified
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e4b47189-4b8b-4112-9ad6-098fd6b15215
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/977767
Signature
Machine Learning detection for sample
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 610254 Sample: x86 Startdate: 17/04/2022 Architecture: LINUX Score: 64 18 5.224.39.48, 2323 VODAFONE_ESES Spain 2->18 20 5.88.169.202 VODAFONE-IT-ASNIT Italy 2->20 22 98 other IPs or domains 2->22 24 Yara detected Mirai 2->24 26 Machine Learning detection for sample 2->26 28 Uses known network protocols on non-standard ports 2->28 8 x86 2->8         started        signatures3 process4 process5 10 x86 8->10         started        process6 12 x86 10->12         started        14 x86 10->14         started        16 x86 10->16         started       
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/c263834917afb9dee55df87377bf9dadf58d444ecc3de026db794e141541e99c/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-04-17 01:51:05 UTC
File Type:
ELF32 Little (Exe)
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c263834917afb9dee55df87377bf9dadf58d444ecc3de026db794e141541e99c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments