MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fb2da6f4c65e1253efaee2da3bfa20e21ddb5094158a3e11074570445516bf4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 12



SHA256 hash: 1fb2da6f4c65e1253efaee2da3bfa20e21ddb5094158a3e11074570445516bf4
SHA3-384 hash: c0752d91eb0471f6831badc753cdbd89e7582384e3bf61ac0f10049025998c2ba6b78662b0a1acc3f36d52cf12143aa5
SHA1 hash: 4b44325e131fc27af43fe3adab900fc0d8dec9ac
MD5 hash: 5aef699eb859ad4b9ec4f71590923ded
humanhash: william-quiet-bulldog-romeo
File name: ppc
Signature: Mirai
File size: 166'404 bytes
First seen: 2025-11-30 05:03:19 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:iNyraICPg6i2Dl1KXri8zQfiEkGrTPGxV94Cj8BpqAVZLGDXU/FRcuwvTvArDiQu:XrcPPbHKbi8zTCnPGxwtXkDaRsEr43
TLSH: T12CF32A02731C0947D2A36DF4363B27E093AFD56125F4FB44291F9B8A92B1E325586ECE
Magika: elf
Reporter: abuse_ch
Tags: elf mirai upx-dec


abuse_ch
UPX decompressed file, sourced from SHA256 08c62908c03fae070537287eb377e8ed1bfb74ac5a724e8dcf041896fe7f82fa
File size (compressed): 57'464 bytes
File size (de-compressed): 166'404 bytes
Format: linux/ppc32
Packed file: 08c62908c03fae070537287eb377e8ed1bfb74ac5a724e8dcf041896fe7f82fa

Intelligence


File Origin
# of uploads: 1
# of downloads: 114
Origin country: NL
Vendor Threat Intelligence
Malware configuration found for: Mirai
Details: Mirai (an XOR decryption key and at least a c2 socket address)
Result
Verdict: Malware
Maliciousness:

Behaviour: Connection attempt
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: elf.32.be
First seen: 2025-11-30T02:10:00Z UTC
Last seen: 2025-11-30T03:22:00Z UTC
Hits: ~10
Detections: HEUR:Backdoor.Linux.Mirai.b
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: ID 1823012; Sample: ppc.elf; Startdate: 30/11/2025; Architecture: LINUX; Score: 48 (graph image not reproduced). Graph labels: 34.243.160.129, 443, 50528 (AMAZON-02US, United States); Multi AV Scanner detection for submitted file; dash rm started; dash rm started; ppc.elf started.
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-11-30 05:04:16 UTC
File Type: ELF32 Big (Exe)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai linux
Malware Config
C2 Extraction: 127.0.0.1
Verdict: Malicious
Tags: Unix.Dropper.Mirai-7135957-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 1fb2da6f4c65e1253efaee2da3bfa20e21ddb5094158a3e11074570445516bf4

(this sample)

  
Delivery method
Distributed via web download

Comments