MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00fa9098d983a0db8f8f86201772499a0843b018aba79f2962b5cdd3b48da09a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 00fa9098d983a0db8f8f86201772499a0843b018aba79f2962b5cdd3b48da09a
SHA3-384 hash: 35b65262f8dddd7ad34abfdb20d2e906446c7196f735840fcd8b8ff756c280ca15cf5575675f1d7581b2d1b79c3f54a6
SHA1 hash: 52ac20444c33c2169a80403b3b08a1306cd91063
MD5 hash: 94663e98ef32948550e71187b479e3e3
humanhash: stairway-bacon-happy-skylark
File name:mipsel
Download: download sample
File size:120'240 bytes
First seen:2025-04-19 11:18:22 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:DT0S9zXu9kX+ekXlhXl/zXFokX4CHqy+C1IfsLOTFQtX+BobDr2xQudN5UJq6nGz:X0CCHJ7ORSbDrGzdN5gYOrrMElOiyr
TLSH T1A6C31EC5BFA03FBFD81ECD324198CA0512AC4A5A53A4AF7B1E70D404B69B15E5AD3C8C
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30456.LC.UNOFFICIAL
Create hunting rule

Unix.Trojan.Mirai-9853181-0
Create hunting rule

Unix.Trojan.Mirai-9854559-0
Create hunting rule

Unix.Trojan.Mirai-9885101-0
Create hunting rule

Unix.Malware.Mirai-9896989-0
Create hunting rule

Unix.Trojan.Mirai-9897079-0
Create hunting rule

Unix.Trojan.Mirai-9899908-0
Create hunting rule

Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=680386982203b3e10cd19a00linux22vpnfull_triage
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Launching a process
Creating a file
Creates directories
Sets a written file as executable
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
lolbin remote
Link:
https://www.filescan.io/uploads/6803868690767142c3dba9be/reports/9cc819ba-1975-4d3f-b554-911f5f788bc7/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
not packed
Botnet:
unknown
Number of open files:
7
Number of processes launched:
1
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/00fa9098d983a0db8f8f86201772499a0843b018aba79f2962b5cdd3b48da09a
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/d8cc96f9-7f49-4aa9-8a05-88f07f204b97
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1669131
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1669131 Sample: mipsel.elf Startdate: 19/04/2025 Architecture: LINUX Score: 48 26 123.253.61.23, 50806, 50808, 50810 COLODEE-AS-APCOLODEEDIGITALNETWORKCOLTDTH Thailand 2->26 28 Multi AV Scanner detection for submitted file 2->28 10 mipsel.elf 2->10         started        signatures3 process4 process5 12 mipsel.elf 10->12         started        process6 14 mipsel.elf 12->14         started        process7 16 mipsel.elf sh 14->16         started        18 mipsel.elf sh 14->18         started        process8 20 sh mv 16->20         started        22 sh chmod 16->22         started        24 sh mkdir 18->24         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/00fa9098d983a0db8f8f86201772499a0843b018aba79f2962b5cdd3b48da09a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/00fa9098d983a0db8f8f86201772499a0843b018aba79f2962b5cdd3b48da09a/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-04-19 11:19:19 UTC
File Type:
ELF32 Little (Exe)
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ad5jbggzqoqnxd4pqyqbo4sjtieehmayvotz6klcwxg5hnenucna._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery
Link:
https://tria.ge/reports/250419-nejleatzez/
Behaviour
Reads runtime system information
System Network Configuration Discovery
File and Directory Permissions Modification
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-9853181-0
YARA:
n/a
Link:
https://app.threat.zone/submission/6c753af4-a3b5-4da5-ba33-c9c8c1fee639
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/00fa9098d983a0db8f8f86201772499a0843b018aba79f2962b5cdd3b48da09a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 00fa9098d983a0db8f8f86201772499a0843b018aba79f2962b5cdd3b48da09a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3517961/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments