MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09b4c90f5b3e7a45cae95bba99cdd6d44d10db494b38bead1c47cedeb71850f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 09b4c90f5b3e7a45cae95bba99cdd6d44d10db494b38bead1c47cedeb71850f2
SHA3-384 hash: 1e3b124733f8fb5cd7f03ba3087b9ac9c99ab49f57b716523fea890b4917d5cb2fe15b1d39b0050e7646cc7c5f0cb452
SHA1 hash: a550d23eb8e99b10226408acbc7f98f9eed6afc1
MD5 hash: e22320914ab0ede2d0875a34b05a1de1
humanhash: carolina-mountain-pip-fish
File name: dlr.sh4
Signature: Mirai
File size: 1'508 bytes
First seen: 2025-12-06 07:28:32 UTC
Last seen: 2025-12-07 04:26:02 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 24:PxKkiDQUpXFpcDQWpVE/tuYiAQWfqhbsfnMrkHgAiZXgzN:phPUpXT5WpS/birxhIvMrckgB
TLSH: T1AB31500DFA88BD04FF14CC3899657B762F270D2F840EEE9B4D1A95B0483B54C30A42AD
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 3
# of downloads: 85
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: masquerade

Verdict: Malicious
File Type: elf.32.le
First seen: 2025-12-06T06:30:00Z UTC
Last seen: 2025-12-06T07:08:00Z UTC
Hits: ~10
Result
Threat name: n/a
Detection: suspicious
Classification: spre
Score: 24 / 100
Signature: Sample tries to kill multiple processes (SIGKILL)
Behaviour
[Behavior graph, ID 1827871. Sample: dlr.sh4.elf; start date: 06/12/2025; architecture: LINUX; score: 24. Nodes shown: dlr.sh4.elf starts Hari processes and drops /tmp/Hari (ELF); one Hari process starts iptables processes and 30 other processes; network nodes 169.254.169.254, port 80 (labelled "USDOSUS Reserved"), 179.43.172.109, ports 2113, 32894, 52766 (labelled "PLI-ASCH Panama"), and 2 other IPs or domains; signature node: Sample tries to kill multiple processes (SIGKILL).]

Threat name: Linux.Backdoor.Mirai
Status: Malicious
First seen: 2025-12-06 07:15:32 UTC
File Type: ELF32 Little (Exe)
AV detection: 11 of 38 (28.95%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 09b4c90f5b3e7a45cae95bba99cdd6d44d10db494b38bead1c47cedeb71850f2 (this sample)

Delivery method: Distributed via web download

Comments