MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0bb6d6ef3f916ad9acfd4ffdb9f7ed980b7841879242cc4a0c752cdfe3eee883. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 0bb6d6ef3f916ad9acfd4ffdb9f7ed980b7841879242cc4a0c752cdfe3eee883
SHA3-384 hash: 104ba823104e3d5c36d1e598da92944362a1d98f03d90e6b0d0d908bf75fdcc3d43ea593d9476a7ebfb23a8c828cc3d7
SHA1 hash: 5c21c9c1a7364dc42f4e93feb99abb03ebe337d0
MD5 hash: 168160a291698c4bab0f26a4173c6ca8
humanhash: network-table-twenty-vermont
File name: main.ppc
Signature: Mirai
File size: 134'036 bytes
First seen: 2025-01-04 13:26:44 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:FQ4XgYOclzaOrjLBqaxFB6xNVRAmB93LnErM/qSvAVyXGrQ+bopqHqRZoW:edkqaxKxNDLErM4wtOW
TLSH: T1FCD33A06730C0A47D2632EB03A3F67E193EF9AC121E4F644355F9B8A95B1E325586ECD
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 136
Origin country: DE
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
DNS request
Receives data from a server
Sends data to a server
Creating a file
Runs as daemon
Substitutes an application name
Deleting of the original file
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
anti-debug bash lolbin masquerade remote
Result
Verdict:
UNKNOWN
Result
Threat name:
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Signature
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample deletes itself
Yara detected Mirai
Behaviour
Behavior Graph:
[Behavior graph (ID: 1584164) for sample main.ppc.elf; start date 04/01/2025; architecture: LINUX; score: 76. Nodes: main.ppc.elf starting child main.ppc.elf processes ("Sample deletes itself"); systemd starting snap-failure, which starts systemctl; network node lemonsmp.work.gd, 102.211.232.40. Graph image not preserved.]
Threat name:
Linux.Backdoor.Mirai
Status:
Malicious
First seen:
2025-01-04 13:27:09 UTC
File Type:
ELF32 Big (Exe)
AV detection:
14 of 38 (36.84%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Verdict:
Malicious
Tags:
trojan gafgyt Unix.Trojan.Mirai-9441505-0
YARA:
Linux_Trojan_Gafgyt_28a2fe0c Linux_Trojan_Gafgyt_ea92cca8 Linux_Gafgyt_May_2024
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 0bb6d6ef3f916ad9acfd4ffdb9f7ed980b7841879242cc4a0c752cdfe3eee883

(this sample)

  
Delivery method
Distributed via web download

Comments