MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfd88de0799f0becf74112e3a4172826b439bb9881ff42acd2a917ce16665f1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: cfd88de0799f0becf74112e3a4172826b439bb9881ff42acd2a917ce16665f1b
SHA3-384 hash: 1b884f8d6e5a2706a59d32cc6fd7cae60f8595c930252a7cb2e15d127ea00a3a65a914f9ed71de43fcdd387da4798125
SHA1 hash: 43d9b0e70af44f295a434704accf1e08e2ac8742
MD5 hash: 088beff0ab389294d3129b786a91aee0
humanhash: lithium-wyoming-emma-music
File name: 088beff0ab389294d3129b786a91aee0
Signature: Mirai
File size: 28'288 bytes
First seen: 2022-04-11 11:14:17 UTC
Last seen: 2022-04-11 11:43:43 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 768:BEGQ+y91uL+fe4crcYTReSgqWlHFGVHS0+Crk4uVcqgw0X7JkmWZ:Buuqe4uR1GwHH+H4u+qgw09U
TLSH: T176C2D074E35D8DC0F7AE5EB459CBB3C02EB04BD63AF1D4E61A85075226036627B167E0
Reporter: zbetcheckin
Tags: 32 elf mirai powerpc

Intelligence

File Origin
# of uploads: 2
# of downloads: 186
Origin country: n/a

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug

Verdict: MALICIOUS

Threat name: Unknown
Detection: malicious
Classification: troj.evad.mine
Score: 56 / 100
Signature:
- Multi AV Scanner detection for submitted file
- Sample is packed with UPX
- Searches for CPU information (likely indicative for DDoS capability)
Behaviour
Behavior Graph (ID 607026, sample G5tnwni2II, start date 11/04/2022, architecture LINUX, score 56; graph not reproduced): the sample contacts 173.67.226.21 (ports 23, 43208; UUNETUS, United States), 109.202.202.202 (port 80; INIT7CH, Switzerland) and 3 other IPs or domains; signatures raised are "Multi AV Scanner detection for submitted file", "Sample is packed with UPX" and "Searches for CPU information (likely indicative for DDoS capability)"; the process tree shows systemd starting 50-motd-news and G5tnwni2II, with 50-motd-news in turn launching grep, sed, dpkg/dpkg-query, awk, cut, tr and cloud-id/uname.

Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-04-11 11:15:08 UTC
File Type: ELF32 Big (Exe)
AV detection: 13 of 26 (50.00%)
Threat level: 5/5

Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type and SHA256: elf cfd88de0799f0becf74112e3a4172826b439bb9881ff42acd2a917ce16665f1b (this sample)

Delivery method
Distributed via web download

Comments



zbet commented on 2022-04-11 11:14:20 UTC

url: hxxp://192.210.132.120/heetzcase/heetz.ppc