qjerome
b2895c367e
Reviewed-on: #3 Co-authored-by: qjerome <quentin.jerome@circl.lu> Co-committed-by: qjerome <quentin.jerome@circl.lu>
# Sample Information

<table>
<tr>
<td><b>VirusTotal Threat Label</b></td>
<td><b><span style="color: red">trojan.mirai/gafgyt</span></b></td>
</tr>
<tr>
<td><b>md5</b></td>
<td>cadc906c5123702e80d8047cabc77170</td>
</tr>
<tr>
<td><b>sha1</b></td>
<td>a4e4f736200d84284d67bc41361638ff43f0e99d</td>
</tr>
<tr>
<td><b>sha256</b></td>
<td>44c21f98d1fe78e1466ddc9dfd1113e1e416934b6a0eb2b1da0bcf27535f7775</td>
</tr>
<tr>
<td><b>sha512</b></td>
<td>04e43ef9e24f050a2e1223bbcf3f20bac34913d1425929232fd1bf3e4a3f5e5bbc3dac60c0026682be5540a05cfc72d15c123fd5cc5a41636d517b7c1811d3d8</td>
</tr>
</table>

**VirusTotal**: https://www.virustotal.com/gui/file/44c21f98d1fe78e1466ddc9dfd1113e1e416934b6a0eb2b1da0bcf27535f7775

## Analysis

![analysis](analysis/sample.svg)

## Detection Names

a variant of Linux/Gafgyt.AXI
Backdoor.Linux.Mirai.wan
DDoS
Detected
E32/ABRisk.EROA-7
ELF/Mirai.A!tr
ELF/TrojanGen.A
Exploit.CVE-2017-17215!8.1058B (TFE:17:5yO1GHIYYTK)
HEUR:Backdoor.Linux.Mirai.b
Linux.Backdoor.Mirai.b
LINUX/Gafgyt.pvebx
Linux.Siggen.9999
Mal/Generic-S
Malicious (score: 99)
Malware.LINUX/Gafgyt.pvebx
Other:Malware-gen [Trj]
Possible_SMMODUPXA
Suspicious.Linux.Save.a
Trojan[Backdoor]/Linux.Gafgyt.a
TrojanDDoS.Linux.nk
Trojan.Generic.35965739
Trojan.Generic.35965739 (B)
Trojan.Generic.D224CB2B
Trojan.Gen.NPE
Trojan.Linux.Gafgyt
Trojan.Linux.Mirai.K!c
Trojan:Linux/Multiverze
Trojan.Malware.121218.susgen
Unix.Trojan.DarkNexus-7679166-0