MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f87ff37c60f85eaa77540683dd43e01a8da02d2b3e0fec5acf11826095577c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 1f87ff37c60f85eaa77540683dd43e01a8da02d2b3e0fec5acf11826095577c5
SHA3-384 hash: df7150c534af692828cc2660f8d6890b9b54150f9db49d3e2f45372f682b2034aa38edb8fe864a7d2d5d9ae5966a24e2
SHA1 hash: 4e0d25e56c2cc7aedfed97e935caec5e32457639
MD5 hash: f0a41751595d3375157ac4b5bfd70b1b
humanhash: winner-connecticut-skylark-mississippi
File name: Josho.spc
Signature: Mirai
File size: 60'116 bytes
First seen: 2025-05-16 16:29:44 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:TXon00+q9wp3C+vactfa1sDHHYAzsv6WswWSHoXdss63B/9JO+zC3m:TXw00+SY3CaactfI6Hvzsv6vwcGJN
TLSH: T142432925AD792E26C0D4B57A51F78714F2F2220E26B8C61E3CB21E4EFF04B4065577BA
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: DE
Vendor Threat Intelligence
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: masquerade
Result
Threat name: n/a
Detection: malicious
Classification: spre
Score: 60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Behaviour
Behavior Graph:
[Behavior graph. ID: 1692215, Sample: Josho.spc.elf, Startdate: 16/05/2025, Architecture: LINUX, Score: 60]
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-05-16 16:32:12 UTC
File Type: ELF32 Big (Exe)
AV detection: 25 of 37 (67.57%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:josho linux
Verdict: Malicious
Tags: Unix.Dropper.Mirai-7135890-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 1f87ff37c60f85eaa77540683dd43e01a8da02d2b3e0fec5acf11826095577c5 (this sample)

Delivery method: Distributed via web download

Comments