MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8183f2eddbb74bb849edab5510e72213cfe8e01099f7bd1e88478f6dc8c92e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: d8183f2eddbb74bb849edab5510e72213cfe8e01099f7bd1e88478f6dc8c92e1
SHA3-384 hash: ef6e7f10913511217060e12816163d05ff8e18cfad25c6a449ee4044a78e6fe056740290096d52e26d756e9fb6ac5106
SHA1 hash: 7083700e52c516593e26cb72056083b486073353
MD5 hash: a6349754d63fdf99773ea95a21c66be7
humanhash: leopard-lima-kilo-september
File name: a6349754d63fdf99773ea95a21c66be7
Signature: Mirai
File size: 28'396 bytes
First seen: 2021-12-26 12:17:36 UTC
Last seen: 2021-12-26 13:46:06 UTC
File type: elf
MIME type: application/x-executable
ssdeep 768:V2criISy0DqS7uXVTiUyhSYeLcRT9pUSWkQ69TLlXdo2hc:jrD1hiU+Nft9pUuQ69LRdo2G
TLSH T17CD2F1EBC4906D3CEC33E4F616A3F95B3E37D04076570368CB8D925A2136554B7B5A82
Reporter: zbetcheckin
Tags: 32 elf intel mirai

Intelligence


File Origin
# of uploads: 2
# of downloads: 187
Origin country: n/a

Vendor Threat Intelligence

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
MalwareBazaar
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 67%
Tags: anti-debug mirai

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: x86
Packer: UPX
Botnet: unknown
Number of open files: 2
Number of processes launched: 6
Processes remaining?: true
Remote TCP ports scanned: 37215
Behaviour: Process Renaming
Botnet C2s
TCP botnet C2(s): 185.204.217.174:45526
UDP botnet C2(s): not identified

Result
Verdict: MALICIOUS

Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 56 / 100
Signature:
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
[Behavior graph, ID 545411. Sample: teuS3WQvbS; start date: 26/12/2021; architecture: LINUX; score: 56]

Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2021-12-26 11:39:05 UTC
File Type: ELF32 Little (Exe)
AV detection: 14 of 28 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf d8183f2eddbb74bb849edab5510e72213cfe8e01099f7bd1e88478f6dc8c92e1

(this sample)

  
Delivery method
Distributed via web download

Comments



zbet commented on 2021-12-26 12:17:36 UTC

url : hxxp://5.181.80.238/lx/a