MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f22c9a9c6bdbcc55cefc5d63192278c36f058d7e62b0309ba48c4efe77813684. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: f22c9a9c6bdbcc55cefc5d63192278c36f058d7e62b0309ba48c4efe77813684
SHA3-384 hash: 2a251e116d7aed94c1324bdbba7aa5744ac146faffe9147bd8ad55b996cf6829b21edce308936dcfe6df34c086b7d0d8
SHA1 hash: 496bdeaabeead1bf18cb8727bb4b9566dbc7d854
MD5 hash: db447deb1504efb925b235748e8a3d86
humanhash: washington-mirror-timing-tennis
File name: db447deb1504efb925b235748e8a3d86
Signature: Mirai
File size: 24'768 bytes
First seen: 2022-05-13 17:35:37 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:092OCo7VXyOniOH7NAF9pyhWqus3Uoz90:abCoBX9r6F9pynz6
TLSH: T12BB2E11E5E411DA0D5F1083DA76EC80153B3077DC1EAF4B566008EA86BCB49753BCAEB
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter: zbetcheckin
Tags: 32 arm elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 225
Origin country: n/a
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: arm
Packer: UPX
Botnet: unknown
Number of open files: 0
Number of processes launched: 0
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour: no suspicious findings
Botnet C2s
TCP botnet C2(s): not identified
UDP botnet C2(s): not identified

Result
Verdict: UNKNOWN

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 76 / 100
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Yara detected Mirai
Behaviour
Behavior Graph:

Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-05-13 17:36:06 UTC
File Type: ELF32 Little (Exe)
AV detection: 9 of 41 (21.95%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai elf f22c9a9c6bdbcc55cefc5d63192278c36f058d7e62b0309ba48c4efe77813684 (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2022-05-13 17:35:42 UTC

url : hxxp://2.56.57.187/bins/Tsunami.arm5