MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c2fc7a67744d1f8f7c1e65c74d33eca19ee18aba95ca6f60d66d967ffd2c738. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	0c2fc7a67744d1f8f7c1e65c74d33eca19ee18aba95ca6f60d66d967ffd2c738
SHA3-384 hash:	7e3a59c25dab0002ff9344db8501ab189d3fc070e61d84d16d8975b05a21fbd248484ef6365c615962065737c45bd02e
SHA1 hash:	d2e7f46fc9b698960cb08efb4b7452c4d3a4237e
MD5 hash:	fcb2526b9be74f72fcd68fd3f2cb07bb
humanhash:	hamper-three-triple-april
File name:	mips
Download:	download sample
Signature	Mirai Create hunting rule
File size:	73'340 bytes
First seen:	2025-12-04 03:12:13 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	768:4jEjlaB1YS3Mi0c6IBSTn94PuRMeQfWjylphK5uLHeF1gv3ttDWeACmknJv9CSjL:CC63MKWnHf2mknJv9CO47SB0ezjoE
TLSH	T19563D95A3E319FECFBA982354BB38E21675C23CA26E1C5C5D19CD6011E7034E245FBA8
telfhash	t1c3016d5c883852f0e7a51d9d7bedfe77d45160df0a21af378d00fe69aa258428e00c2c
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

Mirai

Details

Mirai

an XOR decryption key and at least a c2 socket address

Link:

https://research.acce.ciphertechsolutions.com/results/0b129cf0-d890-406c-af75-3f1164181e65/

Gathering data

Result

Verdict:

Malware

Maliciousness:

Behaviour

Runs as daemon

Opens a port

Sends data to a server

Connection attempt

Substitutes an application name

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

mirai

Link:

https://www.filescan.io/uploads/6930fc17bba50eaf04204a4a/reports/4e59e582-484b-42c5-ab32-35e122ff42fc/overview

Result

Gathering data

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/8342a355-2306-4bc3-9f79-fe4f7f838778

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1826037

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/0c2fc7a67744d1f8f7c1e65c74d33eca19ee18aba95ca6f60d66d967ffd2c738

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/0c2fc7a67744d1f8f7c1e65c74d33eca19ee18aba95ca6f60d66d967ffd2c738/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-12-04 03:12:22 UTC

File Type:

ELF32 Big (Exe)

AV detection:

23 of 36 (63.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bqx4pjtxiti7r56b4zohjuz6zim64gflvfokn5qnm3mwp76sy44a._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai discovery

Link:

https://tria.ge/reports/251204-dqergsylht/

Behaviour

System Network Configuration Discovery

Changes its process name

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 0c2fc7a67744d1f8f7c1e65c74d33eca19ee18aba95ca6f60d66d967ffd2c738

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3724610/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample