MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddbc5f843ee11ba435934295c3634436abb820b7119f9e4e10d18f78b9e85ee8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ddbc5f843ee11ba435934295c3634436abb820b7119f9e4e10d18f78b9e85ee8
SHA3-384 hash: 9fa3801d1d6ece732b8dab15b1da0af54f2cc37c5ce48a4e27553ac7e0028bf6c6af8c0b4486f24a908616f2023da819
SHA1 hash: f8c56b56612d037e7aa784b807d540f151183d8a
MD5 hash: 07f5923d675827efc041754e7aa13e8f
humanhash: ten-oklahoma-ten-speaker
File name:07f5923d675827efc041754e7aa13e8f
Download: download sample
Signature Mirai
Create hunting rule
File size:29'244 bytes
First seen:2022-02-22 23:54:42 UTC
Last seen:2022-02-23 01:39:32 UTC
File type: elf
MIME type:application/x-executable
ssdeep 768:FSV0DoD7fqkM0Cm8whkepm9IcSJgGlzDpUYsd:000Dzy7um4VqYW
TLSH T1CBD2E03D470150E7FE51C1BB16C427D22CF14FBEA953E80A6A13E1A3704A5A7BA87DE4
Reporter zbetcheckin
Tags:32 elf mips mirai

Intelligence

File Origin
# of uploads :
2
# of downloads :
233
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Mirai.1288.7257.10403.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug mirai
Link:
https://www.filescan.io/uploads/621577daa2660f3bb92a1251/reports/fbbde9d9-38ce-4303-98bb-2d6ca5697d81/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
UPX
Botnet:
103.136.43.126/bins
Number of open files:
1
Number of processes launched:
6
Processes remaning?
true
Remote TCP ports scanned:
37215
Full report:
https://elfdigest.com/brief/ddbc5f843ee11ba435934295c3634436abb820b7119f9e4e10d18f78b9e85ee8
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
103.136.43.126:5034
UDP botnet C2(s):
not identified
Result
Verdict:
UNKNOWN
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/93265841-9ea2-4fc8-8380-263e1e9f9d9f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/944398
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 576877 Sample: dTFmrT8HI7 Startdate: 23/02/2022 Architecture: LINUX Score: 52 16 109.202.202.202, 80 INIT7CH Switzerland 2->16 18 91.189.91.42, 443 CANONICAL-ASGB United Kingdom 2->18 20 2 other IPs or domains 2->20 22 Multi AV Scanner detection for submitted file 2->22 24 Sample is packed with UPX 2->24 8 logrotate sh dTFmrT8HI7 2->8         started        10 dash rm 2->10         started        signatures3 process4 process5 12 sh rsyslog-rotate 8->12         started        process6 14 rsyslog-rotate systemctl 12->14         started       
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/ddbc5f843ee11ba435934295c3634436abb820b7119f9e4e10d18f78b9e85ee8/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2022-02-22 23:55:11 UTC
File Type:
ELF32 Big (Exe)
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  5/10
Tags:
linux
Link:
https://tria.ge/reports/220222-3yffesggbr/
Behaviour
Reads runtime system information
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/ddbc5f843ee11ba435934295c3634436abb820b7119f9e4e10d18f78b9e85ee8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf ddbc5f843ee11ba435934295c3634436abb820b7119f9e4e10d18f78b9e85ee8

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2054284/

Comments


Avatar
zbet commented on 2022-02-22 23:54:45 UTC

url : hxxp://103.136.43.126/bins/x