MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21b54ececc92160559932e589e4f1838d72f1573ee0839a546378f3e53831569. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 11



SHA256 hash: 21b54ececc92160559932e589e4f1838d72f1573ee0839a546378f3e53831569
SHA3-384 hash: 445b1a92053500eec7eec0998c9c56ee1c224b3f1ad0e25d335b926cb3eef06267d1228dcb00fc2b07591644be76ffdb
SHA1 hash: b9f126a6bda82a74a9a843463921e05035406b15
MD5 hash: da06d47aca7b6bf969e7ccace0ac2896
humanhash: happy-fourteen-two-juliet
File name: Josho.ppc
Signature: Mirai
File size: 51'332 bytes
First seen: 2025-05-16 16:29:40 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:/KfsbnHAt1ezbnAgCN7RkIV3fgB1TRNRR7Eg3tbv6VFssuWXwdy4q:k6HAt1ezbnAXZUBt33tbC/3XwBq
TLSH: T15D332942B22C094BF9E65AB0353F0FE093BFE98024E4B585695EEA458136F335586F8D
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Connection attempt
Sends data to a server
Receives data from a server
Runs as daemon
Substitutes an application name
Performs a bruteforce attack in the network
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: masquerade
Result
Threat name: n/a
Detection: malicious
Classification: spre
Score: 60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Behaviour
Behavior Graph:
[Figure: behavior graph, ID 1692217, sample Josho.ppc.elf, start date 16/05/2025, architecture LINUX, score 60]
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-05-16 16:32:09 UTC
File Type: ELF32 Big (Exe)
AV detection: 27 of 37 (72.97%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:josho linux
Verdict: Malicious
Tags: Unix.Dropper.Mirai-7135890-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 21b54ececc92160559932e589e4f1838d72f1573ee0839a546378f3e53831569 (this sample)
Delivery method: Distributed via web download

Comments