MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fbbb9fc2cc0e81e39e2bb99ab4d93c4dfb6775cf71c04c31354c122e8ca4094. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1fbbb9fc2cc0e81e39e2bb99ab4d93c4dfb6775cf71c04c31354c122e8ca4094
SHA3-384 hash: 6a94d00f0a63a0a701568f9016635ce12d3bd057f7340a58563e0c4caadbb1c57bdd99057e33f3a17b5234e9146832a1
SHA1 hash: b37152b443a6aafeb7735977b18097c81f821da0
MD5 hash: a542686eb37080b763805f7f8ac4d046
humanhash: xray-fix-jupiter-gee
File name:fuckunix.arm
Download: download sample
Signature Mirai
Create hunting rule
File size:55'688 bytes
First seen:2025-01-04 13:21:41 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:L57mKQGZbpcaRWKC51It5XX2ZuAb+10m6:L57rngKGabXX2YAe
TLSH T15E434A95F8828A12C1D1127BFA2E968D3B2563E8D2DF73039D301F61369B82B0D6BD55
telfhash t14131df644a481accb3d48e5583ce767b3a2a35a9b71529098f5b2b2f02a3de27616031
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.28880.LC.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.28886.LC.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.28959.LC.UNOFFICIAL
Create hunting rule

Unix.Dropper.Mirai-7136013-0
Create hunting rule

Unix.Trojan.Mirai-8025795-0
Create hunting rule

Unix.Trojan.Mirai-9441505-0
Create hunting rule

Unix.Trojan.Mirai-9858729-0
Create hunting rule

Unix.Trojan.Mirai-9950762-0
Create hunting rule

Unix.Trojan.Mirai-10011027-0
Create hunting rule

Unix.Trojan.Mirai-10011918-0
Create hunting rule

Verdict:
Clean
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6779374e74a2bd296e269856linux22vpnfull_triage
Tags:
malware
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug masquerade obfuscated
Link:
https://www.filescan.io/uploads/67793603d8e3c9589c5d61a3/reports/f521db09-4425-4b9c-8566-c470b7799045/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
true
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
100
Number of processes launched:
3
Processes remaning?
true
Remote TCP ports scanned:
2323,23
Full report:
https://elfdigest.com/brief/1fbbb9fc2cc0e81e39e2bb99ab4d93c4dfb6775cf71c04c31354c122e8ca4094
Behaviour
Anti-VM
Process Renaming
Botnet C2s
TCP botnet C2(s):
type:Mirai 102.211.232.40:3778
UDP botnet C2(s):
not identified
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a972dbbc-3f78-49ea-b702-04a66ee9d598
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1584150
Signature
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/1fbbb9fc2cc0e81e39e2bb99ab4d93c4dfb6775cf71c04c31354c122e8ca4094
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1fbbb9fc2cc0e81e39e2bb99ab4d93c4dfb6775cf71c04c31354c122e8ca4094/
Threat name:
Linux.Backdoor.Bushido
Create hunting rule
Status:
Malicious
First seen:
2025-01-04 13:22:09 UTC
File Type:
ELF32 Little (Exe)
AV detection:
17 of 23 (73.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d653t7bmydub4opcxom2wtmtytp3m52464oajqytktasf2gkicka._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:condi
Link:
https://tria.ge/reports/250104-ql79fstkhp/
Malware Config
C2 Extraction:
lemonsmp.work.gd
report.condinet.cf
Verdict:
Malicious
Tags:
trojan gafgyt Unix.Dropper.Mirai-7136013-0
YARA:
Linux_Trojan_Gafgyt_28a2fe0c Linux_Gafgyt_May_2024
Link:
https://app.threat.zone/submission/955e6246-4dbd-4c4b-b330-2b18d7597f1b
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1fbbb9fc2cc0e81e39e2bb99ab4d93c4dfb6775cf71c04c31354c122e8ca4094

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 1fbbb9fc2cc0e81e39e2bb99ab4d93c4dfb6775cf71c04c31354c122e8ca4094

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3388559/
  
Delivery method
Distributed via web download

Comments