MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb2ee8e140280e726dddf987f0a6e70d3d6426ba94137596f8b02ea471ee3267. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	eb2ee8e140280e726dddf987f0a6e70d3d6426ba94137596f8b02ea471ee3267
SHA3-384 hash:	67b74f73cc5571cd4575e2902646426f96c0a17993349fd8441345396b0a246b19ab0c9871ad12ed952e8888498426f6
SHA1 hash:	8c276f2945fa6bd1df40347998e10b1c9c981b84
MD5 hash:	8c91b14e65b9cac88fdf4b2efd4df4fa
humanhash:	table-king-october-arizona
File name:	main.mips
Download:	download sample
Signature	Mirai Create hunting rule
File size:	173'652 bytes
First seen:	2025-01-04 13:26:48 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	3072:J5k1+7s4DZQwGWhn+NuPEi92Q74j1esrR:J5kss4D2Wh+cZ2rjEsrR
TLSH	T1D704991D6E228F7DF668873147B78E25976823DA27E1D644D2ACC1106F2029E641FFEC
telfhash	t12e4163180e7407f4a3395c8d159cef3b96a331db7e166c378f11e46aab689435e10c0c
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

118

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.28940.LC.UNOFFICIAL

Sanesecurity.Malware.28880.LC.UNOFFICIAL

Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL

SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL

Unix.Trojan.Mirai-8041698-0

Unix.Trojan.Mirai-9441505-0

Unix.Trojan.Mirai-10011027-0

Unix.Trojan.Mirai-10011918-0

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6779384474a2bd296e2698b0linux22vpnfull_triage

Tags:

gafgyt mirai

Result

Verdict:

Malware

Maliciousness:

Behaviour

Runs as daemon

Connection attempt

Receives data from a server

DNS request

Sends data to a server

Creating a file

Substitutes an application name

Deleting of the original file

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

anti-debug bash lolbin masquerade remote

Link:

https://www.filescan.io/uploads/67793734885f9fd08ee87b6d/reports/97c2cf24-6c31-40c3-b185-400e4e5d2554/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

mips

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

true

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/eb2ee8e140280e726dddf987f0a6e70d3d6426ba94137596f8b02ea471ee3267

Behaviour

Process Renaming

Botnet C2s

TCP botnet C2(s):

type:Mirai 102.211.232.40:3778

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/25de3654-f974-4463-924a-e630a9985d9c

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1584161

Signature

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample deletes itself

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/eb2ee8e140280e726dddf987f0a6e70d3d6426ba94137596f8b02ea471ee3267

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/eb2ee8e140280e726dddf987f0a6e70d3d6426ba94137596f8b02ea471ee3267/

Threat name:

Linux.Backdoor.Mirai

Status:

Malicious

First seen:

2025-01-04 13:27:12 UTC

File Type:

ELF32 Big (Exe)

AV detection:

20 of 38 (52.63%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5mxorykafahhe3o57gd7bjxhbu6wijv2sqjxlfxywaxki4pogjtq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai discovery

Link:

https://tria.ge/reports/250104-qp34xa1mdy/

Behaviour

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Deletes itself

Verdict:

Malicious

Tags:

trojan gafgyt Unix.Trojan.Mirai-8041698-0

YARA:

Linux_Trojan_Gafgyt_28a2fe0c Linux_Trojan_Gafgyt_ea92cca8 Linux_Gafgyt_May_2024

Link:

https://app.threat.zone/submission/17f9d5c9-ce73-4ffe-9a71-4bfc8db3ca70

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/eb2ee8e140280e726dddf987f0a6e70d3d6426ba94137596f8b02ea471ee3267

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf eb2ee8e140280e726dddf987f0a6e70d3d6426ba94137596f8b02ea471ee3267

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3388578/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample