Sample:

39c3a0714be0d43dc6561b289eb65bd0e9e77e4207248978b924339c3ca21465



Summary

OS ABI: UNIX - System V

CPU class: 32 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement MSB

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

CPU type: MIPS I

Entropy: 5.34986545203

Syscalls executed (root): 21

Syscalls executed (user): 20

ELF type: Executable file

ELF

Class: 32 bit

Data encoding: 2's complement MSB

Operating system ABI: UNIX - System V

Object file type: Executable file

ELF version: 0.1

Machine: MIPS I

Entrypoint: 0x400260

Number of segments: 3

Number of sections: 13

Program header table offset: 52

Section header table offset: 35980

Program header table - size of entry: 32

Section header table - size of entry: 40

Program header table - entries: 3

Section header table - entries: 13

Section header table - index sections names: 12

Stripped: True

Sections stripped: False

  • PT_GNU_STACK at offset 0x0
  • .mdebug.abi32
  • .sbss
  • section without a name
  • .rodata - 6.461358

Debug information: False

Hash

MD5: 69cdd06ff427c60bf9850be3bea40354

SHA1: 6c5440bd9dd5a090df79fcc4399c903d63c8f96b

SHA256: 39c3a0714be0d43dc6561b289eb65bd0e9e77e4207248978b924339c3ca21465

SHA512: 5f56d99faafc7b535e38e653e61f7c9b410ecce38602407c0a3abf8252e5f66809de947d1ed27fc0df083ea48b13730d836a1e9b0323f580269737d9048a4edf

ssdeep: 768:GRKD+Y32xeFAHQT+uMxiqKO7fkGlehPgIl26/z0x2thv31jYl:GR7pgqKEfsL68hv6l

Bytes

Entropy: 5.34986545203

Min entropy (16KB blocks): 5.16852597856

Max entropy (16KB blocks): 5.20517652298

Unique bytes (0-255): 255

Null bytes: 10543

White spaces: 1983

Printable bytes: 6710

First 16B: 7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00

Last 16B: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00

Byte: 0x0

Offset: 0x87da

Length: 257

  • 0xef - 1 times
  • 0xf7 - 1 times
  • 0xc1 - 0 times
  • 0x0 - 10543 times
  • 0x8f - 1704 times
  • 0x10 - 1341 times

File type

Mime type: application/x-executable

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

VirusTotal

URL: https://www.virustotal.com/#/file/39c3a0714be0d43dc6561b289eb65bd0e9e77e4207248978b924339c3ca21465

Positive: 28

Total AVs: 59

Scan date: 2018-08-23 02:37:36

AVClass: mirai

Avast-Mobile: ELF:Mirai-UD [Trj]

Jiangmin: Backdoor.Linux.bkww

Cyren: ELF/Trojan.PEFJ-9

GData: Linux.Trojan.Mirai.E

TrendMicro: Possible_MIRAI.SMLBO14

Tencent: Linux.Backdoor.Mirai.Wrqz

TrendMicro-HouseCall: Possible_MIRAI.SMLBO14

Microsoft: Backdoor:Linux/Mirai!rfn

Ikarus: Trojan.Linux.Mirai

Qihoo-360: Win32/Backdoor.6f4

ClamAV: Unix.Malware.Agent-6625397-0

ESET-NOD32: Linux/Mirai.DZ

Sophos: Mal/Generic-S

Antiy-AVL: Trojan[Backdoor]/Linux.Mirai.b

Fortinet: Linux/Mirai.B!tr.bdr

Kaspersky: HEUR:Backdoor.Linux.Mirai.b

AegisLab: Backdoor.Linux.Mirai!c

NANO-Antivirus: Trojan.Mirai.ffqqrq

Comodo: UnclassifiedMalware

DrWeb: Linux.Mirai.1570

ZoneAlarm: HEUR:Backdoor.Linux.Mirai.b

AVG: ELF:Mirai-UC [Trj]

Symantec: Linux.Mirai

McAfee-GW-Edition: Linux/Mirai.f

Avast: ELF:Mirai-UC [Trj]

Zillya: Backdoor.Mirai.Linux.24271

Avira: LINUX/Mirai.leqkt

McAfee: Linux/Mirai.f

Data Explore

  • /bin/busybox
  • /dev/null

Code Explore

Sandbox (user)

Standard output:

Standard error: Segmentation fault

Sandbox (root)

Standard output:

Standard error: Segmentation fault

Behavior (user)

Segmentation fault: True

  • fcntl
  • setsockopt
  • socket
  • rt_sigaction
  • bind
  • rt_sigprocmask
  • getppid
  • getpid
  • times
  • brk
  • connect
  • getsockname
  • time
  • close
  • execve
  • listen

Unique number: 16

Total number: 20

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0

Behavior (root)

Segmentation fault: True

  • fcntl
  • setsockopt
  • socket
  • rt_sigaction
  • commit_creds
  • rt_sigprocmask
  • time
  • getppid
  • getpid
  • times
  • brk
  • connect
  • getsockname
  • bind
  • close
  • execve
  • listen

Unique number: 17

Total number: 21

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0