MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 caaa6fffe6c961b3105aaf087ece3fd4699d942a734b0c23249cfbe280107d49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	caaa6fffe6c961b3105aaf087ece3fd4699d942a734b0c23249cfbe280107d49
SHA3-384 hash:	d4460ddc38df97223088fa2fe3cf70703aa56614d50ac6be72dd6e8cdea95e95b7244b4a5fb5ebe3d2c45a57b7a078de
SHA1 hash:	7815239dab3016e1ab391be61f8750890058c96d
MD5 hash:	5dc22eee779221d0eea43e54562a680f
humanhash:	august-queen-high-angel
File name:	vailon.x86
Download:	download sample
Signature	Mirai Create hunting rule
File size:	28'244 bytes
First seen:	2022-06-10 11:52:08 UTC
Last seen:	2022-06-10 16:05:27 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	768:jiN21srd6Xd1GDMmmIKtRca4In/6ZzZMQrbV1WhvIufnbcuyD7UHQRjG:Y56X2DMKal/6ZlM0VEwCnouy8Hyi
TLSH	T129C2E191D3E5C5ECE4AEB1B5D8AB7B0A0654E81C805917BD1FC021378EB2B3A5728367
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter	tolisec
Tags:	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

251

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Unix.Dropper.Mirai-7135858-0

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/62a330828763ffd4adac97cc/reports/df883d7d-8507-4398-a180-4907047b01b1/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

x86

Packer:

UPX

Botnet:

62.197.136.92/xnxx

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

Full report:

https://elfdigest.com/brief/caaa6fffe6c961b3105aaf087ece3fd4699d942a734b0c23249cfbe280107d49

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

62.197.136.92:9506

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ca29ac6c-fc58-4f0b-9c4a-84d4eb707a05

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1010804

Signature

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Uses known network protocols on non-standard ports

Behaviour

Behavior Graph:

Download SVG

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/caaa6fffe6c961b3105aaf087ece3fd4699d942a734b0c23249cfbe280107d49/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2022-06-10 11:53:05 UTC

File Type:

ELF32 Little (Exe)

AV detection:

16 of 40 (40.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zkvg777gzfq3gec2v4eh5tr72ruz3fbkonfqyizett56faaqpveq._file

Result

Malware family:

n/a

Score:

9/10

Tags:

discovery linux

Link:

https://tria.ge/reports/220610-n2aa9afba7/

Behaviour

Contacts a large (20282) amount of remote hosts

Creates a large amount of network flows

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/caaa6fffe6c961b3105aaf087ece3fd4699d942a734b0c23249cfbe280107d49

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf caaa6fffe6c961b3105aaf087ece3fd4699d942a734b0c23249cfbe280107d49

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2223341/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample