MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdf648ebbebee9df103a6f58dfda1cc3419d8f52032b28537729d4905e97ceeb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments 1

SHA256 hash:	cdf648ebbebee9df103a6f58dfda1cc3419d8f52032b28537729d4905e97ceeb
SHA3-384 hash:	a6757c696298505f2eb1bd33a3ba97911ba6db53d807d061cee88ea628bb861d703ad1555a6cde89d9df05e953d9df51
SHA1 hash:	fb641172d1bfc6103ccc3b40750f0a3c1457321c
MD5 hash:	fee7a1efcf422595a553c06bee8c9976
humanhash:	pennsylvania-sink-gee-winner
File name:	fee7a1efcf422595a553c06bee8c9976
Download:	download sample
Signature	Mirai Create hunting rule
File size:	66'972 bytes
First seen:	2022-01-03 08:48:47 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:tl0hHQOHZ++DrICUnYewQSaU7euEM/LLlxeKPf:nIxH6+8rU7a8l/Pf
TLSH	T161634925AEBA2E07C0D4A5BA22F74764B2E1678E31E8C70E7D630E4EFF1164460535F9
Reporter	zbetcheckin
Tags:	32 elf mirai sparc

Intelligence

File Origin

# of uploads :

# of downloads :

166

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL

Unix.Trojan.Mirai-9917692-0

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

75%

Tags:

anti-debug gafgyt mirai

Link:

https://www.filescan.io/uploads/61d2b8814ab5c44cbf5d0548/reports/22e18031-b3ac-4d93-902c-a17892cb8a02/overview

Result

Verdict:

MALICIOUS

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f5af9b78-708b-4961-ab11-9d1d2d21e572

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/914809

Signature

Connects to many ports of the same IP (likely port scanning)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Uses known network protocols on non-standard ports

Behaviour

Behavior Graph:

Download SVG

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/cdf648ebbebee9df103a6f58dfda1cc3419d8f52032b28537729d4905e97ceeb/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2022-01-03 08:49:08 UTC

File Type:

ELF32 Big (Exe)

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai linux

Link:

https://tria.ge/reports/220103-kq1saabbe6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.26

Link:

https://yomi.yoroi.company/submissions/cdf648ebbebee9df103a6f58dfda1cc3419d8f52032b28537729d4905e97ceeb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.