MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df8358c374f070b6f1d642a4bdfe0449334ca39a1a04038b829475d2650a6ff7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 10

Intelligence 10 IOCs YARA 4 File information Comments 1

SHA256 hash:	df8358c374f070b6f1d642a4bdfe0449334ca39a1a04038b829475d2650a6ff7
SHA3-384 hash:	9aa6e3894c9e5ef7ebde581d95c00a3769dae135974bbecbf14306806941792cb43eff11f926899006fd2ae54eb7b8a5
SHA1 hash:	7386aec70a92fbcc461ea2abc9f04c0b804783b5
MD5 hash:	ca749e0e764fb614792569c32ba12b26
humanhash:	maryland-south-spaghetti-fish
File name:	ca749e0e764fb614792569c32ba12b26
Download:	download sample
Signature	Mirai Create hunting rule
File size:	54'476 bytes
First seen:	2024-05-03 00:17:53 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:QRn+dhqV5DJ5jNnECcJoj5dGPgI0iwjbkvs:BAVRpn/S+1jbkvs
TLSH	T1C133F889B8918F05C5D412BAFE1E118D331717A8D3DFB3129D206F247B8B96B0E7B916
telfhash	t18f01c2504e445aedf6a085d9830e3b6a7b062c695d63780318bb790f57139d1082089e
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter	zbetcheckin
Tags:	32 arm elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.29228.LC.UNOFFICIAL

Sanesecurity.Malware.30455.LC.BadVar.UNOFFICIAL

Sanesecurity.Malware.29229.LC.UNOFFICIAL

Sanesecurity.Malware.30481.LC.UNOFFICIAL

Unix.Dropper.Mirai-7135965-0

Unix.Trojan.Mirai-9970440-0

Unix.Trojan.Mirai-10027280-0

Unix.Trojan.Mirai-1

Result

Verdict:

Malware

Maliciousness:

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

anti-debug botnet mirai

Link:

https://www.filescan.io/uploads/66342d40de9c2e31030966cd/reports/d470040d-9356-4584-b898-e152de86e31c/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

not packed

Botnet:

185.172.128.53

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/df8358c374f070b6f1d642a4bdfe0449334ca39a1a04038b829475d2650a6ff7

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f4d12475-7489-4944-9817-248ce9b166f2

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1435703

Signature

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/df8358c374f070b6f1d642a4bdfe0449334ca39a1a04038b829475d2650a6ff7

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/df8358c374f070b6f1d642a4bdfe0449334ca39a1a04038b829475d2650a6ff7/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2024-05-02 23:56:17 UTC

File Type:

ELF32 Little (Exe)

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=36bvrq3u6byln4owiksl37qejezuzi42dicahc4csr25ezikn73q._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:botnet

Link:

https://tria.ge/reports/240503-allsfscc54/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/df8358c374f070b6f1d642a4bdfe0449334ca39a1a04038b829475d2650a6ff7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Linux_Trojan_Mirai_0bce98a2 Create hunting rule
Author:	Elastic Security

Rule name:	Mirai_Botnet_Malware Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects Mirai Botnet Malware
Reference:	Internal Research

Rule name:	Mirai_Botnet_Malware_RID2EF6 Create hunting rule
Author:	Florian Roth
Description:	Detects Mirai Botnet Malware
Reference:	Internal Research

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf df8358c374f070b6f1d642a4bdfe0449334ca39a1a04038b829475d2650a6ff7

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2836235/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2024-05-03 00:17:54 UTC

url : hxxp://185.172.128.53/arm6