MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d153a67578bfda23ecbda17bbc4ce3f1146f471224cb2dd32e1cd8d89d4d769c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	d153a67578bfda23ecbda17bbc4ce3f1146f471224cb2dd32e1cd8d89d4d769c
SHA3-384 hash:	3de7e1a88e9d988ce2192deb2242a9db23ff8f8ff63eef0328aba768dc1e00514ccfef30ab506aeac1b78cbff55255b3
SHA1 hash:	be7ff98659d516c6c053ac2b07e41f3959a72526
MD5 hash:	673ddaae5ec72cc37c9f63062b7110c2
humanhash:	kansas-jersey-enemy-arizona
File name:	SwiftSec.mpsl
Download:	download sample
Signature	Mirai Create hunting rule
File size:	105'168 bytes
First seen:	2024-12-08 18:26:16 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:NmhyrvrvIy9rF5zOAD4OH6RS7yFZnmsA8Eiad42+zj:NoyrTT5OG7yFbEA
TLSH	T1D2A3E726BF611FF7E85BDC3785A8170138CC552E21A53B757930E828F64F24B5AE38A4
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

102

Origin country :

Vendor Threat Intelligence

Detection(s):

Unix.Dropper.Mirai-7135870-0

Unix.Dropper.Mirai-7135939-0

Unix.Dropper.Mirai-7136025-0

Unix.Trojan.Mirai-9964459-0

Verdict:

Clean

Score:

82.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6755e4fafca9c44c249777f7linux22vpnfull_triage

Tags:

malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Runs as daemon

Connection attempt

Receives data from a server

Opens a port

Sends data to a server

Substitutes an application name

Performs a bruteforce attack in the network

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug lolbin masquerade obfuscated remote

Link:

https://www.filescan.io/uploads/6755e4fae29804c45807fc8e/reports/5459e61e-0a31-430d-9790-5a558a0a6dae/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

mips

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/d153a67578bfda23ecbda17bbc4ce3f1146f471224cb2dd32e1cd8d89d4d769c

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/5d25e606-8834-4c7e-9a6a-eb7fb366febf

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1571033

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/d153a67578bfda23ecbda17bbc4ce3f1146f471224cb2dd32e1cd8d89d4d769c

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/d153a67578bfda23ecbda17bbc4ce3f1146f471224cb2dd32e1cd8d89d4d769c/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2024-12-08 18:27:14 UTC

File Type:

ELF32 Little (Exe)

AV detection:

20 of 38 (52.63%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2fj2m5lyx7nch3f5uf53ythd6ekg6rysetfs3uzodtmnrhkno2oa._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:kurc

Link:

https://tria.ge/reports/241208-w3qzdswnhl/

Verdict:

Malicious

Tags:

Unix.Dropper.Mirai-7135870-0

YARA:

n/a

Link:

https://app.threat.zone/submission/ae2a3075-4956-4184-b3b2-e22ad5267dd9

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/d153a67578bfda23ecbda17bbc4ce3f1146f471224cb2dd32e1cd8d89d4d769c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf d153a67578bfda23ecbda17bbc4ce3f1146f471224cb2dd32e1cd8d89d4d769c

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3333367/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample