MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb1c2397a2408979b855b6269b0e545e137d54096ed46ff0ca6b0d91e24bbf52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb1c2397a2408979b855b6269b0e545e137d54096ed46ff0ca6b0d91e24bbf52
SHA3-384 hash: d1d78be22b59297e038fcc9b3732cbd74ef8fa8d5c69a0a00c4fd3164f61972a0a2c8a2402a38b4e7b93965683aa4a44
SHA1 hash: a0ad981063901d31ffe076f4a4a1ae40988ded9a
MD5 hash: 4d05554923fed09d195adbf685d6e83c
humanhash: kilo-twelve-black-lima
File name:mips
Download: download sample
Signature Mirai
Create hunting rule
File size:88'192 bytes
First seen:2024-12-15 13:41:18 UTC
Last seen:2025-02-17 00:22:08 UTC
File type: elf
MIME type:application/x-executable
ssdeep 1536:yd7kZpsnp5JMhUnK7gi4oPtdecrpDUjavf5yap7Oahght2aTnNDxRJtwK:6ltmt7gi4oPLeK5yaJPhktpjRIK
TLSH T15A83C61E6E158FACF7A9C63107B79E21974D37C727E1CA41E16CEA001E7024E685FB68
telfhash t19501e50c883853f4d7a21c996bedff76e46170de06269e378d00fd6d9b299429900c2c
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
10
# of downloads :
77
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Mirai.8670.14366.27896.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=675edf608fb73f13afc9f2d6linux22vpnfull_triage
Tags:
malware
Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Connection attempt
Kills processes
Sends data to a server
Receives data from a server
Runs as daemon
Opens a port
Substitutes an application name
Deleting of the original file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/675edcb049a3171a9427857b/reports/8f008987-fb07-4bc7-80bd-e45979b99d28/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
true
Architecture:
mips
Packer:
not packed
Botnet:
unknown
Number of open files:
16
Number of processes launched:
3
Processes remaning?
true
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/cb1c2397a2408979b855b6269b0e545e137d54096ed46ff0ca6b0d91e24bbf52
Behaviour
Anti-VM
Process Renaming
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
type: 172.217.192.127:3478
Result
Verdict:
UNKNOWN
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ef08c66d-1148-477c-a7a4-ceb4eacebf1f
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1575430
Signature
Multi AV Scanner detection for submitted file
Opens /sys/class/net/* files useful for querying network interface information
Performs DNS TXT record lookups
Sample deletes itself
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1575430 Sample: mips.elf Startdate: 15/12/2024 Architecture: LINUX Score: 60 16 iranistrash.libre 2->16 18 103.35.190.176, 3478, 51670 VECTANTARTERIANetworksCorporationJP Japan 2->18 20 2 other IPs or domains 2->20 22 Multi AV Scanner detection for submitted file 2->22 8 mips.elf 2->8         started        signatures3 24 Performs DNS TXT record lookups 16->24 process4 signatures5 26 Sample deletes itself 8->26 11 mips.elf 8->11         started        process6 signatures7 28 Opens /sys/class/net/* files useful for querying network interface information 11->28 14 mips.elf 11->14         started        process8
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/cb1c2397a2408979b855b6269b0e545e137d54096ed46ff0ca6b0d91e24bbf52
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cb1c2397a2408979b855b6269b0e545e137d54096ed46ff0ca6b0d91e24bbf52/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2024-12-15 13:42:06 UTC
File Type:
ELF32 Big (Exe)
AV detection:
3 of 38 (7.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zmochf5cicextocvwytjwdsulyjx2vajn3kg74gknmgzdyslx5ja._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery evasion
Link:
https://tria.ge/reports/241215-qznf7sxndr/
Behaviour
Enumerates kernel/hardware configuration
System Network Configuration Discovery
Changes its process name
Reads system network configuration
Reads MAC address of network interface
Reads network interface configuration
Deletes itself
Unexpected DNS network traffic destination
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/bcd00f5f-8412-4862-ba64-df590ad15ad1
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cb1c2397a2408979b855b6269b0e545e137d54096ed46ff0ca6b0d91e24bbf52

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 757384290ed7f4b4604978cd6d2906c71f7cd0e19e92dfd230263662359bc0bf

Mirai

elf cb1c2397a2408979b855b6269b0e545e137d54096ed46ff0ca6b0d91e24bbf52

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3350372/
  
Delivery method
Distributed via web download
  
Dropped by
SHA256 757384290ed7f4b4604978cd6d2906c71f7cd0e19e92dfd230263662359bc0bf
  
Dropped by
MD5 0a99c208e6aafa0e2c9314c78646478b
  
Dropped by
SHA256 deec827b82f1528724eb25026d8e5340726f624d4ae4532696ec02b5b7fe2ade
  
Dropped by
MD5 70a615b1a8968ae9e09365e36ca9fb98
  
Dropped by
SHA256 7f32f7edf2bc3af8ae6c6092098baa77f4d4878bd493cc82f7b4b7cdf5981c12
  
Dropped by
MD5 71aa5d9c30b7b75bbbc22b52a49bd264
  
Dropped by
SHA256 af5fcb938f4b0fe7477667dac2b9c5f71a609328be260e5d714b902408afa5b0
  
Dropped by
MD5 4c0707db6fed2ca20ea027b85707862e
  
Dropped by
SHA256 f042bd4f19e2babfbad2568caace8f74d108a643eaea52cf6500559310fe0ee2
  
Dropped by
MD5 d1318d5bc500315a3aede7612edd2017
  
Dropped by
SHA256 7fcef83866e5c5631c48bdc17d3438580f20c35920a81003298339c4f6a527e2
  
Dropped by
MD5 9d49e923b6159a0e94b73c363dedd531
  
Dropped by
SHA256 4d4e0183a99f207ff49c2685922d7931fef26aab997a4e5fe2465722e4ad9fea
  
Dropped by
MD5 2b4b1dbcc04a1e31b5dccf267323e575
  
Dropped by
SHA256 fcd28c29953b6f148c0cd7ac7018e9224baca22ef608c1b6995cd5c986acb5df
  
Dropped by
MD5 ba428f0ff10ad32169b5e97fcfc57094
  
Dropped by
SHA256 7406502260456952a47a196329b63e2081d759a2ddb5f782c580bda542df7995
  
Dropped by
MD5 12340ba46581b0b7cea648d9b7c56bfa
  
Dropped by
SHA256 7a5a265f928fe926f6c1d0e5a5afc495f72cf0717a08d31b46aba7b0d4925bdb
  
Dropped by
MD5 4b2798994991e26aa92773a32529e60e
  
Dropped by
SHA256 fb98fba85979aa8a2fc94866e47a8c0ff79a94f86f0c5e88a3f4d72ab2df9c23
  
Dropped by
MD5 0eb42b3146ce990d33f40cac57e87a19
  
Dropped by
SHA256 fcc45c93576fbf91b4b852edbd810a55d12e74a5b0faefec4e18d5c977f16eab
  
Dropped by
MD5 23dffedadd307d8031af10990c23a2e7
  
Dropped by
SHA256 a404d547abd7795fbf281f75cf9b4d0754a2e813a72c8c76c4a65285e4d8aceb
  
Dropped by
MD5 b14d3b8bc2f28811d096884217ba9238
  
Dropped by
SHA256 5c4d731d25b12283868762832d80d7ac787000f1d26369818ab10c630e8ebe0a
  
Dropped by
MD5 92b8c2a290da5bb4d9f367892a6b9ec6
  
Dropped by
SHA256 a37c246bf8a6b29966fd7748721a232e55131007c9b51c7ff2ac4fafaa841247
  
Dropped by
MD5 2fc3b3107afc4883aaf2d413f0e784ae
  
Dropped by
SHA256 5dfa1f0a22636bf2421116554bb4e3f3d82728643889f8326245a53be87e32ff
  
Dropped by
MD5 6cbad27c9da09a89059437288236aac5
  
Dropped by
SHA256 2e5e6b1c4307807a36007e9f8df77fa4948a60f8533ead168e09ec5b241fff4c
  
Dropped by
MD5 873bb34f768964d673e60d778d1f3f46
  
Dropped by
SHA256 272e6696a73e9c7d76b54196611ea97aed60298924cd145695e83e9f8348cba0
  
Dropped by
MD5 fbbc75571e88c7692008b376b8f3c503
  
Dropped by
SHA256 fca9f4077fa5e360aa0ea1c1a8f66ec97f79f590d40182d2d81e5cc65a958b36
  
Dropped by
MD5 13d138d32a4133e0c9f8ce943b9e7c17

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments