MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f65148df3d938e1c99bbd2917e32fbdc6dddad1b65e8ee9dbe98d515066997d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: f65148df3d938e1c99bbd2917e32fbdc6dddad1b65e8ee9dbe98d515066997d7
SHA3-384 hash: d5860e643aed59448ee5c29a94410c5d5c74790edf606b25900bbec920873b26ce603abc678877b7ae9bfda6dda8690e
SHA1 hash: 86c1cdcbe967b8031f908d0adcfd3f51c84f69ec
MD5 hash: 5f1ed963d112cce024ec7fd9bdbf7400
humanhash: aspen-artist-wisconsin-sixteen
File name: nabm68k
Signature: Mirai
File size: 43'960 bytes
First seen: 2024-11-28 08:36:28 UTC
Last seen: 2024-12-08 14:44:17 UTC
File type: elf
MIME type: application/x-executable
ssdeep 768:2kLeGD9segFkzBdMiWGJJJJJlCzkCSO5jQNxHPDuL8zwDgRiA5q8vAy3yPl+:2IRQFkzBKrGJJJJJlCYCL5jAdPDuLzDa
TLSH T1A913F793B410DD7DF989EEBBC50F4A0DB130765682620763B367F96BA831284AC2ED45
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 3
# of downloads: 113
Origin country: DE
Vendor Threat Intelligence
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: anti-debug
Result
Threat name: n/a
Detection: malicious
Classification: troj
Score: 56 / 100
Signature
Connects to many ports of the same IP (likely port scanning)
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Behaviour
Behavior Graph:
Behavior Graph ID: 1564397; Sample: nabm68k.elf; Startdate: 28/11/2024; Architecture: LINUX; Score: 56
Graph nodes: netfags.geek. [malformed]; 71.18.131.64, 23, 41246 WINDSTREAMUS United States; 101 other IPs or domains; dash rm nabm68k.elf; dash rm; dash head; 7 other processes
Threat name: Linux.Backdoor.Mirai
Status: Malicious
First seen: 2024-11-28 08:37:04 UTC
File Type: ELF32 Big (Exe)
AV detection: 13 of 38 (34.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Verdict: Malicious
Tags: Unix.Trojan.Mirai-6981989-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf f65148df3d938e1c99bbd2917e32fbdc6dddad1b65e8ee9dbe98d515066997d7

(this sample)

  
Delivery method
Distributed via web download

Comments