MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fed28cbf2b646710dbf3cd9d80d0b9a873093571ab7058df2af36e819c7afc8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 7

SHA256 hash: fed28cbf2b646710dbf3cd9d80d0b9a873093571ab7058df2af36e819c7afc8c
SHA3-384 hash: 0a53f713c152d10c87de3a0f315dea121bfc70b1c39f22fd84569a39ce76ff9ef2addd298a5da086b1eb42d226c225f4
SHA1 hash: 68af3188fcfe898bf290459561e24e091e42cb24
MD5 hash: 118b0961aac9bbf6ec56b4370e0552a1
humanhash: coffee-echo-illinois-nuts
File name: 118b0961aac9bbf6ec56b4370e0552a1
Signature: Mirai
File size: 26'696 bytes
First seen: 2022-06-03 12:42:30 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:GMfcRnfmNOcbFUjw3vlVFJgGlzDpbuR1Jn:Gdf2Oxw3vlpVJuV
TLSH: T137C2E15C031602D1EA1F4474AFF817621F750FA2E505CC4BAA25EFE3BE562B578C72A0
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
      49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter: zbetcheckin
Tags: 32 elf mips mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 335
Origin country: n/a
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug gafgyt mirai

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: mips
Packer: UPX
Botnet: unknown
Number of open files: 17
Number of processes launched: 7
Processes remaining?: false
Remote TCP ports scanned: 23
Behaviour: no suspicious findings
Botnet C2s
TCP botnet C2(s): 62.197.136.92:9506
UDP botnet C2(s): not identified
Result
Verdict: UNKNOWN

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 64 / 100
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph (graph image not reproduced): Behavior Graph ID 638837; sample 8zla0LeXmf; start date 03/06/2022; architecture LINUX; score 64. Network contacts shown in the graph: 45.161.156.162:23 (masternetltda-meBR, Brazil), 165.59.69.78:23 (ZAMTELZM, Zambia) and 98 other IPs or domains. Signatures shown: Multi AV Scanner detection for submitted file; Yara detected Mirai; Uses known network protocols on non-standard ports; Sample is packed with UPX. Process tree: the sample process 8zla0LeXmf starts three child processes, the first of which starts three more.
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2022-06-03 12:43:06 UTC
File Type: ELF32 Big (Exe)
AV detection: 13 of 26 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: discovery linux
Behaviour
Reads runtime system information
Reads system network configuration
Enumerates active TCP sockets
Contacts a large (19051) amount of remote hosts
Creates a large amount of network flows
Modifies the Watchdog daemon
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: elf
SHA256: fed28cbf2b646710dbf3cd9d80d0b9a873093571ab7058df2af36e819c7afc8c (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2022-06-03 12:42:32 UTC

url: hxxp://62.197.136.92/xnxx/vailon.mips