MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cec724aa5b51cf8649b30e5d72a3153282e184ebadc4016b9d1c7adc324671ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cec724aa5b51cf8649b30e5d72a3153282e184ebadc4016b9d1c7adc324671ed
SHA3-384 hash: f3535593472fda5a16a2d67b4fd13d3af727e8abc09832645fd2cabb099b7b5d7f3d9313a3e69f972d71ddc35d7070c0
SHA1 hash: 7110318a012b93967506c3fd92eafff6b4718024
MD5 hash: 0ed43aaaa80bd395c1c0c1d20d1187ca
humanhash: shade-hotel-avocado-south
File name:0ed43aaaa80bd395c1c0c1d20d1187ca
Download: download sample
Signature Mirai
Create hunting rule
File size:60'412 bytes
First seen:2022-04-25 22:03:14 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:eLobAxU6q9Hfymp0xginSYeCLUB6WsTwR11IQdszoDaS0O+DCDL:eL0AxvSHfymp0xgujeCLs6vTAIauI
TLSH T143432925AD792E26C0D8B57E11F7C724F2E2620E25B8C65E3C721E4EEF04740A5537BA
Reporter zbetcheckin
Tags:32 elf mirai sparc

Intelligence

File Origin
# of uploads :
1
# of downloads :
240
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Unix.Dropper.Mirai-7135890-0
Create hunting rule

Unix.Dropper.Mirai-7135939-0
Create hunting rule

Unix.Dropper.Mirai-7136025-0
Create hunting rule

Unix.Trojan.Mirai-9819563-0
Create hunting rule

Unix.Trojan.Mirai-9820623-0
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/62671ad52f162d9fdf682864/reports/674ef8ce-c059-4519-9d76-351542b2415a/overview
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6a45698a-5216-49be-9fa8-dbe2a53a7c1f
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
spre.troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/982794
Signature
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 615289 Sample: tK4FJXJijQ Startdate: 26/04/2022 Architecture: LINUX Score: 64 70 61.193.213.174 XEPHIONNTT-MECorporationJP Japan 2->70 72 70.43.247.139 WINDSTREAMUS United States 2->72 74 98 other IPs or domains 2->74 78 Multi AV Scanner detection for submitted file 2->78 80 Yara detected Mirai 2->80 82 Uses known network protocols on non-standard ports 2->82 10 systemd mandb tK4FJXJijQ 2->10         started        12 systemd logrotate 2->12         started        14 systemd install 2->14         started        16 systemd find 2->16         started        signatures3 process4 process5 18 tK4FJXJijQ 10->18         started        21 tK4FJXJijQ 10->21         started        23 tK4FJXJijQ 10->23         started        25 logrotate sh 12->25         started        27 logrotate sh 12->27         started        29 logrotate gzip 12->29         started        31 logrotate gzip 12->31         started        signatures6 76 Sample tries to kill multiple processes (SIGKILL) 18->76 33 tK4FJXJijQ 18->33         started        35 tK4FJXJijQ 18->35         started        37 tK4FJXJijQ 21->37         started        40 tK4FJXJijQ 21->40         started        42 tK4FJXJijQ 21->42         started        44 sh invoke-rc.d 25->44         started        46 sh rsyslog-rotate 27->46         started        process7 signatures8 48 tK4FJXJijQ 33->48         started        64 2 other processes 33->64 84 Sample tries to kill multiple processes (SIGKILL) 37->84 50 tK4FJXJijQ 37->50         started        52 tK4FJXJijQ 37->52         started        54 invoke-rc.d runlevel 44->54         started        56 invoke-rc.d systemctl 44->56         started        58 invoke-rc.d ls 44->58         started        60 invoke-rc.d systemctl 44->60         started        62 rsyslog-rotate systemctl 46->62         started        process9 process10 66 tK4FJXJijQ 48->66         started        68 tK4FJXJijQ 48->68         started       
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/cec724aa5b51cf8649b30e5d72a3153282e184ebadc4016b9d1c7adc324671ed/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-04-25 22:04:05 UTC
File Type:
ELF32 Big (Exe)
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai linux
Link:
https://tria.ge/reports/220425-1yxctsafam/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cec724aa5b51cf8649b30e5d72a3153282e184ebadc4016b9d1c7adc324671ed

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf cec724aa5b51cf8649b30e5d72a3153282e184ebadc4016b9d1c7adc324671ed

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2164163/

Comments


Avatar
zbet commented on 2022-04-25 22:03:17 UTC

url : hxxp://185.44.81.9/bins/sora.spc