MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22aee05b1ace745f05815e65064e687b58d8c28f11633a3b4ed148e464989b85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 22aee05b1ace745f05815e65064e687b58d8c28f11633a3b4ed148e464989b85
SHA3-384 hash: 9728f86156ee85eae26c762be2bee0d88934bba1f95b92dd1d00253f0ff7c01ccd12d615117528994c266ec974f5f6f7
SHA1 hash: 33abb9738eae3f27c7df387eb6f1226be7efa3e8
MD5 hash: 63080e51ea8c451d23d2ff279e7c6c76
humanhash: six-two-sad-speaker
File name: 87sbhas6as.mips
Signature: Mirai
File size: 52'216 bytes
First seen: 2025-12-23 20:48:29 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:1IaEEr7yyGjxJew5ZCQYZYpZ8M+XbF5A3O5hZ/l2F5rygaYz:1HFVGjxXCMEr85XaYz
TLSH: T14833840E2E268FECF759C63587BB8D65A34C338736A1D681E26CD6011E5024E605FFB8
telfhash: t1dcf0bd2c8d7423d497365ca5187debb7e5a031ed17266c274e51bd7caa6c9425d00c0c
Magika: elf
Reporter: abuse_ch
Tags: elf mirai upx-dec


abuse_ch
UPX decompressed file, sourced from SHA256 4adf7e437eb11c1f470db0b4e24e56c9c2d796e03f4b4701d81d3aa353abab8e
File size (compressed): 20'064 bytes
File size (de-compressed): 52'216 bytes
Format: linux/mips
Packed file: 4adf7e437eb11c1f470db0b4e24e56c9c2d796e03f4b4701d81d3aa353abab8e

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: NL
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: elf.32.be
First seen: 2025-12-23T18:48:00Z UTC
Last seen: 2025-12-24T15:01:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2268) -> execve -> /tmp/sample.bin (pid=2269)
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID: 1838442): Sample: 87sbhas6as.mips.elf; Startdate: 23/12/2025; Architecture: LINUX; Score: 48. Process chain: 87sbhas6as.mips.elf started 87sbhas6as.mips.elf, which started 87sbhas6as.mips.elf. Network node: 130.12.180.134, 33966, 36144 (DATAHOPDatahop-SixDegreesGB Canada). Signature: Multi AV Scanner detection for submitted file.
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-12-23 20:49:16 UTC
File Type: ELF32 Big (Exe)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery
Behaviour
System Network Configuration Discovery
Changes its process name
Writes file to system bin folder
Modifies Watchdog functionality
Verdict: Malicious
Tags: Unix.Trojan.Mirai-9858729-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 22aee05b1ace745f05815e65064e687b58d8c28f11633a3b4ed148e464989b85 (this sample)

Delivery method: Distributed via web download

Comments