Sample name: | JGG1a56dcB.elfrenamed because original name is a hash value |
Original sample name: | 76d78ee0f506495328a91377700e7f42.elf |
Analysis ID: | 1428821 |
MD5: | 76d78ee0f506495328a91377700e7f42 |
SHA1: | 28abadda7df259a003d129c92825683146bd6446 |
SHA256: | 6188f21394351041ff8d95e937c3cdfe2df3f5769710ab3824fa9331a66c3e5f |
Tags: | 32elfmiraisparc |
Infos: |
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
|
AV Detection |
---|
Source: |
ReversingLabs: |
Source: |
TCP traffic: |
||
Source: |
TCP traffic: |
||
Source: |
TCP traffic: |
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
Source: |
Network traffic detected: |
||
Source: |
Network traffic detected: |
System Summary |
---|
Source: |
Name: |
||
Source: |
Name: |
||
Source: |
Name: |
Source: |
ELF static info symbol of initial sample: |
||
Source: |
ELF static info symbol of initial sample: |
||
Source: |
ELF static info symbol of initial sample: |
Source: |
String containing 'busybox' found: |
||
Source: |
String containing 'busybox' found: |
Source: |
Classification label: |
Source: |
Queries kernel information via 'uname': |
Jump to behavior |
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: |
File source: |
||
Source: |
File source: |
Remote Access Functionality |
---|
Source: |
File source: |
||
Source: |
File source: |
No Screenshots
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |