MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe2b0f3f4cafb4da8ad97b63098436acde35ce0a955a0277f575d4ba898e9bb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 10

Intelligence 10 IOCs YARA 2 File information Comments

SHA256 hash:	fe2b0f3f4cafb4da8ad97b63098436acde35ce0a955a0277f575d4ba898e9bb4
SHA3-384 hash:	2f6860ac39e29e62ae95e2a27aedbd5019f91241a5ffe55605c1e550fee54e5f1c00269068384b986bac8e9828b2a308
SHA1 hash:	66867b67aca4f2b2d7d4b5cbc6a30ecef5b5ab35
MD5 hash:	d70e27950e20deb5595bc0d2e2d3001b
humanhash:	item-helium-muppet-single
File name:	harm4
Download:	download sample
Signature	Mirai Create hunting rule
File size:	36'732 bytes
First seen:	2024-11-27 21:01:39 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	768:WlWwl+qm1HvqJmll/mO8CRx9MrNaHBFh8/U0dx9H:eotvqImg9MIh+rH
TLSH	T1B8F23C80FD909A17C6D4127BBA2E82CD77161368E2EF3303DD166F61778A96B0DB7601
telfhash	t1a0f097240c810e7ea2a0d469529f7223a65af6ad3f636c4921da384d437a2a11421d56
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

109

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.31076.LX.BOT.UNOFFICIAL

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=674788cdb31374f098353f3blinux22vpnfull_triage

Tags:

malware

Result

Verdict:

Malware

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/674788d44759c792deb65622/reports/897ed95a-9aff-4387-a8a8-1ebe3bd3635c/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

true

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/fe2b0f3f4cafb4da8ad97b63098436acde35ce0a955a0277f575d4ba898e9bb4

Behaviour

Process Renaming

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a2db4a57-a32f-48b5-b85a-7d05a8970149

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1564146

Signature

Connects to many ports of the same IP (likely port scanning)

Sends malformed DNS queries

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/fe2b0f3f4cafb4da8ad97b63098436acde35ce0a955a0277f575d4ba898e9bb4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fe2b0f3f4cafb4da8ad97b63098436acde35ce0a955a0277f575d4ba898e9bb4/

Threat name:

Linux.Backdoor.Mirai

Status:

Malicious

First seen:

2024-11-27 21:02:09 UTC

File Type:

ELF32 Little (Exe)

AV detection:

4 of 38 (10.53%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7yvq6p2mv62nvcwzpnrqtbbwvtpdltqksvnae57voxklvcmoto2a._file

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/241127-zve4pszqbs/

Behaviour

Changes its process name

Unexpected DNS network traffic destination

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/502a2ea7-6693-4f09-9351-c5cb932c6d1d

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fe2b0f3f4cafb4da8ad97b63098436acde35ce0a955a0277f575d4ba898e9bb4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.