MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1793598573085d9afc2da1a61414c6be35f568fe700afcc3d8958bfc2b7e703b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 12

Intelligence 12 IOCs YARA 4 File information Comments

SHA256 hash:	1793598573085d9afc2da1a61414c6be35f568fe700afcc3d8958bfc2b7e703b
SHA3-384 hash:	42036b2e24845b37bc21607191834b71c13fc5ab1b8f679daf0b884cb1d14a912ac2ef18e6db00d14c103afb9bb1c5b6
SHA1 hash:	7308659c352bbfd54b6c187017f6b353cc7d2973
MD5 hash:	cb8d131118e905668f3cb8ffd98e4524
humanhash:	two-pennsylvania-beer-ceiling
File name:	neon.armv6l
Download:	download sample
Signature	Mirai Create hunting rule
File size:	164'444 bytes
First seen:	2025-06-14 14:59:57 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	3072:eA+3Be9NCBuc6uXbKbUEa3mAoQ7rRTw+mnDTQdT:ePBAIuaXWbta7LrR8nDMT
TLSH	T1B5F30946F8819B21D5D111BEFE1E124E37231B78E2DE72029D246F747B8A87B0E3B915
telfhash	t19711c065df9c1fdc1fd54968a0ca433a2e55319e0976640fcf9d9f4f4a130c2b069432
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 8297096ace9950dd556f37c5160f0139fa18c2fee8ae91f75b637807186a4351

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	62'500 bytes
File size (de-compressed) :	164'444 bytes
Format:	linux/arm
Packed file:	8297096ace9950dd556f37c5160f0139fa18c2fee8ae91f75b637807186a4351

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=684d906b8bd5d68a12e8a310linux22vpnfull_triage

Tags:

gafgyt mirai ddos

Result

Verdict:

Malware

Maliciousness:

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2e029b3d-2520-443e-91a7-67757ea9c43b

Result

Threat name:

Gafgyt, Mirai

Detection:

malicious

Classification:

troj

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1714556

Signature

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Gafgyt

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/1793598573085d9afc2da1a61414c6be35f568fe700afcc3d8958bfc2b7e703b

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/1793598573085d9afc2da1a61414c6be35f568fe700afcc3d8958bfc2b7e703b/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-06-14 15:05:42 UTC

File Type:

ELF32 Little (Exe)

AV detection:

21 of 37 (56.76%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=c6jvtbltbbozv7bnugtbifggxy27k2h6oafpzq6yswf7yk36oa5q._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai

Link:

https://tria.ge/reports/250614-sk2fmazly3/

Malware Config

C2 Extraction:

traxanhc2.duckdns.org

Verdict:

Malicious

Tags:

trojan gafgyt Unix.Dropper.Mirai-7135897-0

YARA:

Linux_Trojan_Gafgyt_28a2fe0c Linux_Gafgyt_May_2024

Link:

https://app.threat.zone/submission/aeab3e34-5e1d-4de6-9e33-286063e8d431

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/1793598573085d9afc2da1a61414c6be35f568fe700afcc3d8958bfc2b7e703b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CVE_2017_17215 Create hunting rule
Author:	NDA0E
Description:	Detects exploitation attempt of CVE-2017-17215

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants

Rule name:	Linux_Trojan_Gafgyt_28a2fe0c Create hunting rule
Author:	Elastic Security

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 8297096ace9950dd556f37c5160f0139fa18c2fee8ae91f75b637807186a4351

Mirai

elf 1793598573085d9afc2da1a61414c6be35f568fe700afcc3d8958bfc2b7e703b

(this sample)

Dropped by

SHA256 8297096ace9950dd556f37c5160f0139fa18c2fee8ae91f75b637807186a4351

URLhaus

https://urlhaus.abuse.ch/url/3559989/

Delivery method

Distributed via web download

Dropped by

MD5 0abf86b8a740a2d6f80617b837a2cc74

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample