MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0dd676b07a73f9e6a3d5d10b6a7117868992bb203ae5d7e71ab2c9ae087974eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 0dd676b07a73f9e6a3d5d10b6a7117868992bb203ae5d7e71ab2c9ae087974eb
SHA3-384 hash: c4709f8eeb5dcb25c67b9cb46217ecbcd04f500d3ddf99e751ffe08b65ebcb713690c3d84c8264b12592c32d71478b76
SHA1 hash: 347f27e3659022281c4305985b2ac4a09e5f8014
MD5 hash: 472b3557d5a21136e574ce0887a730e6
humanhash: asparagus-chicken-kansas-carolina
File name: ppc
Signature: Mirai
File size: 67'352 bytes
First seen: 2025-11-02 12:37:52 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:uwCvTYNDxogPWfhQwIAZ9H7wc8KMWiqvHok:wrYJSUWlF78KnR
TLSH: T178632C02731C0957D6B3ADB0253F27E1D3BBE9A120F4B684651E9B899371E325186FCE
Magika: elf
Reporter: abuse_ch
Tags: elf mirai upx-dec


abuse_ch
UPX decompressed file, sourced from SHA256 0336841522cf08828127a92bcc31bfe066142a492480810269236a1922f63c19
File size (compressed): 33'676 bytes
File size (de-compressed): 67'352 bytes
Format: linux/ppc32
Packed file: 0336841522cf08828127a92bcc31bfe066142a492480810269236a1922f63c19

Intelligence


File Origin
# of uploads: 1
# of downloads: 126
Origin country: NL
Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Connection attempt
Sends data to a server
Receives data from a server
Creating a file
DNS request
Substitutes an application name
Verdict: Malicious
File Type: elf.32.be
First seen: 2025-11-02T09:45:00Z UTC
Last seen: 2025-11-02T16:35:00Z UTC
Hits: ~10
Detections: HEUR:Backdoor.Linux.Mirai.b
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=1197) -> execve -> /tmp/sample.bin (pid=1204)
Result
Threat name:
Detection: malicious
Classification: troj
Score: 68 / 100
Signature
Antivirus / Scanner detection for submitted sample
Manipulation of devices in /dev
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph ID: 1806472
Sample: ppc.elf
Startdate: 02/11/2025
Architecture: LINUX
Score: 68
Network nodes: squibblypuff.asia 185.14.92.55, 23, 25565, 34306 (INTERCOLO-ASintercoloIP-BackboneDE, Germany); 109.202.202.202, 80 (INIT7CH, Switzerland); 3 other IPs or domains
Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Mirai
Processes: ppc.elf started; dash rm started; dash rm started; ppc.elf -> ppc.elf started
Files: /dev/.392221, ASCII, dropped by the child ppc.elf process (signature: Manipulation of devices in /dev)
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-11-02 12:38:44 UTC
File Type: ELF32 Big (Exe)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 0dd676b07a73f9e6a3d5d10b6a7117868992bb203ae5d7e71ab2c9ae087974eb

(this sample)

  
Delivery method: Distributed via web download

Comments