MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc9cd21c31270e9ee4886c6c1982db48b2384a15e7d99c65de7444c99e7cb277. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	fc9cd21c31270e9ee4886c6c1982db48b2384a15e7d99c65de7444c99e7cb277
SHA3-384 hash:	9427dd557975945c1d2130a62868edba8e4e4e65294ec3cd6b0cd1977812d5949cc2481ee6a7afe045f9716095be8a02
SHA1 hash:	115fbbe4e3e049a41af60758c8a845ba6c122e9f
MD5 hash:	21504a4c22791af02d7d97d49538e885
humanhash:	cola-indigo-batman-ack
File name:	x86-20220414-1450
Download:	download sample
Signature	Mirai Create hunting rule
File size:	19'604 bytes
First seen:	2022-04-14 14:50:03 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	384:MZbB7BBEuOzn6Wc5C3GAAqv7moC58Mmd876o+fKRrRX1gS0U2Fose/x9sMBLv1RB:u7BwjfLn9moP1876o+SjX1g/zFoWMxB
TLSH	T12192D15E5083CFEBDC0B9234116A0C7FBE5138C547CEE5441B2869B7D6F52A6EB2429C
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter	tolisec
Tags:	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

189

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Mirai.4511.3400.22794.UNOFFICIAL

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/625834a2eab80a7a6c13bef4/reports/ca12500f-2321-42b8-98bc-7d940cf59956/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

x86

Packer:

UPX

Botnet:

172.245.36.116:80/bins

Number of open files:

Number of processes launched:

Processes remaning?

true

Remote TCP ports scanned:

Full report:

https://elfdigest.com/brief/fc9cd21c31270e9ee4886c6c1982db48b2384a15e7d99c65de7444c99e7cb277

Behaviour

Process Renaming

Botnet C2s

TCP botnet C2(s):

172.245.36.116:9372

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/7d367772-437a-4c10-b77b-c141cf96ff89

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/976988

Signature

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Uses known network protocols on non-standard ports

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/fc9cd21c31270e9ee4886c6c1982db48b2384a15e7d99c65de7444c99e7cb277/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2022-04-03 09:17:05 UTC

File Type:

ELF32 Little (Exe)

AV detection:

18 of 42 (42.86%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

9/10

Tags:

discovery linux

Link:

https://tria.ge/reports/220414-r75k5agch4/

Behaviour

Contacts a large (91697) amount of remote hosts

Creates a large amount of network flows

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.05

Link:

https://yomi.yoroi.company/submissions/fc9cd21c31270e9ee4886c6c1982db48b2384a15e7d99c65de7444c99e7cb277

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf fc9cd21c31270e9ee4886c6c1982db48b2384a15e7d99c65de7444c99e7cb277

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2134788/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample