MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfd88de0799f0becf74112e3a4172826b439bb9881ff42acd2a917ce16665f1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cfd88de0799f0becf74112e3a4172826b439bb9881ff42acd2a917ce16665f1b
SHA3-384 hash: 1b884f8d6e5a2706a59d32cc6fd7cae60f8595c930252a7cb2e15d127ea00a3a65a914f9ed71de43fcdd387da4798125
SHA1 hash: 43d9b0e70af44f295a434704accf1e08e2ac8742
MD5 hash: 088beff0ab389294d3129b786a91aee0
humanhash: lithium-wyoming-emma-music
File name:088beff0ab389294d3129b786a91aee0
Download: download sample
Signature Mirai
Create hunting rule
File size:28'288 bytes
First seen:2022-04-11 11:14:17 UTC
Last seen:2022-04-11 11:43:43 UTC
File type: elf
MIME type:application/x-executable
ssdeep 768:BEGQ+y91uL+fe4crcYTReSgqWlHFGVHS0+Crk4uVcqgw0X7JkmWZ:Buuqe4uR1GwHH+H4u+qgw09U
TLSH T176C2D074E35D8DC0F7AE5EB459CBB3C02EB04BD63AF1D4E61A85075226036627B167E0
Reporter zbetcheckin
Tags:32 elf mirai powerpc

Intelligence

File Origin
# of uploads :
2
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Mirai.4565.24509.863.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/62540dc404b81dabe27fc839/reports/ca09ff18-6a28-41d4-a82e-17fffba441b3/overview
Result
Verdict:
MALICIOUS
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b675dc87-8858-4e01-9246-7b96c729f7a9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad.mine
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/974531
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Searches for CPU information (likely indicative for DDoS capability)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 607026 Sample: G5tnwni2II Startdate: 11/04/2022 Architecture: LINUX Score: 56 39 173.67.226.21, 23, 43208 UUNETUS United States 2->39 41 109.202.202.202, 80 INIT7CH Switzerland 2->41 43 3 other IPs or domains 2->43 45 Multi AV Scanner detection for submitted file 2->45 47 Sample is packed with UPX 2->47 8 systemd 50-motd-news 2->8         started        10 G5tnwni2II 2->10         started        signatures3 process4 process5 12 50-motd-news 8->12         started        14 50-motd-news 8->14         started        16 50-motd-news 8->16         started        18 19 other processes 8->18 process6 20 50-motd-news grep 12->20         started        23 50-motd-news sed 12->23         started        25 50-motd-news dpkg dpkg-query 14->25         started        27 50-motd-news awk 14->27         started        29 50-motd-news cut 16->29         started        31 50-motd-news tr 16->31         started        33 cloud-id uname 18->33         started        35 50-motd-news sed 18->35         started        37 50-motd-news 18->37         started        signatures7 49 Searches for CPU information (likely indicative for DDoS capability) 20->49
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/cfd88de0799f0becf74112e3a4172826b439bb9881ff42acd2a917ce16665f1b/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-04-11 11:15:08 UTC
File Type:
ELF32 Big (Exe)
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/220411-ncj46ahcb4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.03
Link:
https://yomi.yoroi.company/submissions/cfd88de0799f0becf74112e3a4172826b439bb9881ff42acd2a917ce16665f1b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf cfd88de0799f0becf74112e3a4172826b439bb9881ff42acd2a917ce16665f1b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2141205/

Comments


Avatar
zbet commented on 2022-04-11 11:14:20 UTC

url : hxxp://192.210.132.120/heetzcase/heetz.ppc