MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 273d0221dc2565e9db2c66c0a817db6f97422456c451db8f478e68861e9ccefa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 273d0221dc2565e9db2c66c0a817db6f97422456c451db8f478e68861e9ccefa
SHA3-384 hash: f17da9752058324a714c5f28eaa5de7b60a5201f0cd4339d3568e3ade9fab48618b4d6fae5960bca3523cd5d5b49f34d
SHA1 hash: d9c6e211af09fc25808ee3dd192885a2adce7d7d
MD5 hash: b0a60b07381787a79524ae7bc48bbbe0
humanhash: four-harry-iowa-monkey
File name:ARM64
Download: download sample
Signature Mirai
Create hunting rule
File size:2'115'280 bytes
First seen:2026-02-25 16:06:38 UTC
Last seen:2026-02-25 21:32:09 UTC
File type: elf
MIME type:application/x-executable
ssdeep 49152:503NJc37/eVNm+rxADpS5GtEHVv4BKSX5XPYJJ/ANdwwFlgdqoDwoe+Q:509ur/e3m8SpS5jVwhX52J/A1lRonQ
TLSH T1DCA53352B9CB1554D4D6CF9BE9BC90FAF0504D98964D129DADCFCBB2726E0A20C9CCB0
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf UPX
File size (compressed) :2'115'280 bytes
File size (de-compressed) :7'995'540 bytes
Format:linux/arm64
Unpacked file: ecaaefc7170b2e0f9d44ab4b43715d1a8ae1444dcd3cbfcb44a85ca40127a8e7

Intelligence

File Origin
# of uploads :
3
# of downloads :
72
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Siggen.11787.6185.4302.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Changes access rights for a written file
Changes the time when the file was created, accessed, or modified
Creating a file in the %temp% directory
Runs as daemon
Receives data from a server
Collects information on the OS
Creating a file
Launching a process
Sends data to a server
Creating a process from a recently created file
Collects information on the CPU
Creates or modifies files in /cron to set up autorun
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
UPX
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/273d0221dc2565e9db2c66c0a817db6f97422456c451db8f478e68861e9ccefa
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.64.le
Link:
https://opentip.kaspersky.com/273d0221dc2565e9db2c66c0a817db6f97422456c451db8f478e68861e9ccefa/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/4a03d799-45e2-4669-b6be-7765d9088070
Behavior Graph:
Download SVG
%3 guuid=24cddf71-1800-0000-0b6a-2a8bd10a0000 pid=2769 /usr/bin/sudo guuid=18f8e173-1800-0000-0b6a-2a8bd80a0000 pid=2776 /tmp/sample.bin guuid=24cddf71-1800-0000-0b6a-2a8bd10a0000 pid=2769->guuid=18f8e173-1800-0000-0b6a-2a8bd80a0000 pid=2776 execve
Malware family:
LiquorBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3e276c42-8d9a-4f0d-8df2-2d8e79365382
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/1874839
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/273d0221dc2565e9db2c66c0a817db6f97422456c451db8f478e68861e9ccefa
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/273d0221dc2565e9db2c66c0a817db6f97422456c451db8f478e68861e9ccefa/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e46qeio4evs6twzmm3akqf63n6luejcwyri5xd2hrzuimhu4z35a._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
linux upx
Link:
https://tria.ge/reports/260225-tkrf4acx9b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/273d0221dc2565e9db2c66c0a817db6f97422456c451db8f478e68861e9ccefa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 273d0221dc2565e9db2c66c0a817db6f97422456c451db8f478e68861e9ccefa

(this sample)

Mirai

elf ecaaefc7170b2e0f9d44ab4b43715d1a8ae1444dcd3cbfcb44a85ca40127a8e7

  
URLhaus
https://urlhaus.abuse.ch/url/3785545/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3785550/
  
Dropping
SHA256 ecaaefc7170b2e0f9d44ab4b43715d1a8ae1444dcd3cbfcb44a85ca40127a8e7
  
Dropping
MD5 1bdad7cd0fd1c5559adbe5abf9bb1965

Comments