MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3c2dce274132a99a8f176e8bfe4f8783f6a123a1e64bf8a9f5cf6f3caa551e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3c2dce274132a99a8f176e8bfe4f8783f6a123a1e64bf8a9f5cf6f3caa551e1
SHA3-384 hash: ea59228923c094ccb31136651be266a8b05e501fee760f271285521c9024538b9ca972ece08dc3dd659240dbfcb53e20
SHA1 hash: 1db1a937e3c38c2c18a025afafc05c09123525e7
MD5 hash: e01dd3d064b64744f19bcc64457efafa
humanhash: xray-burger-delta-bluebird
File name:e01dd3d064b64744f19bcc64457efafa
Download: download sample
Signature Mirai
Create hunting rule
File size:51'580 bytes
First seen:2022-04-25 22:02:39 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:rauxBwtHSMsas4UQebyuA/9TEz1yWfs3IVe5eFUA/qwCqaoys1Cb:ra8Bwtyut3TEz1fs38ceFR/qwln1Cb
TLSH T1A9338CB5C579EDA8D1544A78BE248F749723E100C6A32EFADA44C6699083EFCF1583F4
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter zbetcheckin
Tags:32 elf mirai renesas

Intelligence

File Origin
# of uploads :
1
# of downloads :
237
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Unix.Dropper.Mirai-7135890-0
Create hunting rule

Unix.Dropper.Mirai-7135939-0
Create hunting rule

Unix.Dropper.Mirai-7136025-0
Create hunting rule

Unix.Trojan.Mirai-7138377-0
Create hunting rule

Unix.Trojan.Mirai-7674518-0
Create hunting rule

Unix.Trojan.Mirai-9819563-0
Create hunting rule

Unix.Trojan.Mirai-9820623-0
Create hunting rule

Unix.Trojan.Generic-9910199-0
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/62671a99adbef2ca414b3ebd/reports/fa4a532c-1fa8-4520-992b-50a9c3353e6d/overview
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/476d71cc-f0a3-4fec-89d6-8febed72789f
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
spre.troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/982801
Signature
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 615301 Sample: VftBGceVIF Startdate: 26/04/2022 Architecture: LINUX Score: 64 57 106.10.231.222 YAHOO-SG3internetcontentproviderSG Singapore 2->57 59 13.21.104.44 XEROX-ELLUS United States 2->59 61 98 other IPs or domains 2->61 65 Multi AV Scanner detection for submitted file 2->65 67 Yara detected Mirai 2->67 69 Uses known network protocols on non-standard ports 2->69 9 systemd mandb VftBGceVIF 2->9         started        11 systemd logrotate 2->11         started        13 systemd install 2->13         started        15 systemd find 2->15         started        signatures3 process4 process5 17 VftBGceVIF 9->17         started        19 VftBGceVIF 9->19         started        22 VftBGceVIF 9->22         started        24 logrotate sh 11->24         started        26 logrotate sh 11->26         started        28 logrotate gzip 11->28         started        30 logrotate gzip 11->30         started        signatures6 32 VftBGceVIF 17->32         started        35 VftBGceVIF 17->35         started        37 VftBGceVIF 17->37         started        71 Sample tries to kill multiple processes (SIGKILL) 19->71 39 sh invoke-rc.d 24->39         started        41 sh rsyslog-rotate 26->41         started        process7 signatures8 63 Sample tries to kill multiple processes (SIGKILL) 32->63 43 VftBGceVIF 32->43         started        45 VftBGceVIF 32->45         started        47 invoke-rc.d runlevel 39->47         started        49 invoke-rc.d systemctl 39->49         started        51 invoke-rc.d ls 39->51         started        53 invoke-rc.d systemctl 39->53         started        55 rsyslog-rotate systemctl 41->55         started        process9
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/d3c2dce274132a99a8f176e8bfe4f8783f6a123a1e64bf8a9f5cf6f3caa551e1/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-04-25 22:03:06 UTC
File Type:
ELF32 Little (Exe)
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai linux
Link:
https://tria.ge/reports/220425-1ybq5aeea3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d3c2dce274132a99a8f176e8bfe4f8783f6a123a1e64bf8a9f5cf6f3caa551e1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf d3c2dce274132a99a8f176e8bfe4f8783f6a123a1e64bf8a9f5cf6f3caa551e1

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2164160/

Comments


Avatar
zbet commented on 2022-04-25 22:02:43 UTC

url : hxxp://185.44.81.9/bins/sora.sh4