MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e4d4678e7f5a2f53900189adf1f02e590aa0f36bcf24562f144e634737b1b3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 0e4d4678e7f5a2f53900189adf1f02e590aa0f36bcf24562f144e634737b1b3a
SHA3-384 hash: 75ac7dca79fc1bce66a209ce3a58584ac520d149007f69d91114398f36708555df1c339e7e8732fc7c9b44ad0ad841b4
SHA1 hash: 2a1168ff06915dcec137062a37f41c38fd5af43b
MD5 hash: e8f192ee66746fcda272f7cef4369b03
humanhash: east-nineteen-jig-foxtrot
File name: agetty
Signature: Mirai
File size: 99'832 bytes
First seen: 2025-07-17 17:32:33 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:Yow4+9OHp8gEpb9P+syvt+9YM59S38QtBB9G4pd:Nw7O5Ub9Pb4w9Y8nSBc4H
TLSH: T151A34B22FA190927C4E8617621F78331F5F353DA14788A0A7EB24E8D7F246443667EF6
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 24
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: obfuscated
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2769) -> execve -> /tmp/sample.bin (pid=2772)
Result
Threat name: n/a
Detection: malicious
Classification: troj.evad
Score: 56 / 100
Signature
Connects to many ports of the same IP (likely port scanning)
Multi AV Scanner detection for submitted file
Terminates several processes with shell command 'killall'
Behaviour
Behavior Graph: ID: 1738992; Sample: agetty.elf; Startdate: 17/07/2025; Architecture: LINUX; Score: 56
Network nodes: 194.13.241.103 (ZEELANDNETDELTAFiberNederlandNL, Netherlands); 209.49.107.52 (XO-AS15US, United States); 99 other IPs or domains
Process chain: agetty.elf -> agetty.elf -> sh -> killall (361 other processes under agetty.elf, 134 other processes below those)
Other processes started: xfce4-session -> xfce4-panel -> wrapper-2.0 -> xfpm-power-backlight-helper; xfce4-session -> rm; 6 other processes
Graph signatures: Multi AV Scanner detection for submitted file; Connects to many ports of the same IP (likely port scanning); Terminates several processes with shell command 'killall'
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-07-17 17:33:22 UTC
File Type: ELF32 Big (Exe)
AV detection: 19 of 38 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
elf 0e4d4678e7f5a2f53900189adf1f02e590aa0f36bcf24562f144e634737b1b3a (this sample)

Delivery method: Distributed via web download
