MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27f17c3a0788772b007a1a73f7d17e59b7315336e8d0a6d86858cd4260914d82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 27f17c3a0788772b007a1a73f7d17e59b7315336e8d0a6d86858cd4260914d82
SHA3-384 hash: 37f83b4c34a0cef6b7f5eac322d40a4d5688662046dad36d092e25cd55c037a67b2f80e201801e3258ae463e82cba6e8
SHA1 hash: 399f51b5df93567dcebd5a812bd4844d36b9984f
MD5 hash: 7a4c6659930f27be0a0dfb273ae4bb0d
humanhash: fifteen-batman-orange-maine
File name:skid.arm
Download: download sample
Signature Mirai
Create hunting rule
File size:88'720 bytes
First seen:2025-04-28 19:37:51 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:IwpPdcxhdZYPFA8roDA3x6kQjQilNPPfrsW0+3LZaz70FIHuk2vT/t85ZYuivlG:IUPAdmi/DA5QjQiDnfrs1ctuAFIHuk2C
TLSH T1EC831945BC419A56C6C556BBFF1E428D332A23ACE3DA3213DD259F2137DB61A0E3B052
telfhash t1a3f084f54e1108ec68dac3c440cf23606b4830fe370996a921ac6f4bc0930d7f62a60d
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Other.Malware-gen.27428.20596.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=680fe034c8b2e86d0ac3ee3blinux22vpnfull_triage
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
expand lolbin masquerade remote
Link:
https://www.filescan.io/uploads/680fd93e906e09d3a265c581/reports/5d01567f-7fd9-42e4-ab8f-5acefb111749/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
true
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
18
Number of processes launched:
1
Processes remaning?
true
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/27f17c3a0788772b007a1a73f7d17e59b7315336e8d0a6d86858cd4260914d82
Behaviour
Anti-VM
Process Renaming
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/acec7636-c8d6-415d-8c01-1ffdae604161
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1676635
Signature
Multi AV Scanner detection for submitted file
Sample reads /proc/mounts (often used for finding a writable filesystem)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1676635 Sample: skid.arm.elf Startdate: 28/04/2025 Architecture: LINUX Score: 52 12 daisy.ubuntu.com 2->12 14 Multi AV Scanner detection for submitted file 2->14 7 skid.arm.elf 2->7         started        signatures3 process4 signatures5 16 Sample reads /proc/mounts (often used for finding a writable filesystem) 7->16 10 skid.arm.elf 7->10         started        process6
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/27f17c3a0788772b007a1a73f7d17e59b7315336e8d0a6d86858cd4260914d82
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/27f17c3a0788772b007a1a73f7d17e59b7315336e8d0a6d86858cd4260914d82/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-04-28 19:38:36 UTC
File Type:
ELF32 Little (Exe)
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e7yxyoqhrb3swad2djz7pul6lg3tcuzw5diknwdildgueyerjwba._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/250428-ycgzxaxsdw/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/27f17c3a0788772b007a1a73f7d17e59b7315336e8d0a6d86858cd4260914d82

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Generic_Threat_e9aef030
Create hunting rule
Author:Elastic Security
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 1041e0cd4983cf59126b1fef00d9e3661c719bc7c3d63b716d60b162104b866f

Mirai

elf 27f17c3a0788772b007a1a73f7d17e59b7315336e8d0a6d86858cd4260914d82

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3529214/
  
Delivery method
Distributed via web download
  
Dropped by
SHA256 1041e0cd4983cf59126b1fef00d9e3661c719bc7c3d63b716d60b162104b866f
  
Dropped by
MD5 553b90237f71e6d9910c716e71b671b0
  
URLhaus
https://urlhaus.abuse.ch/url/3529210/
  
Dropped by
SHA256 8865272b1f43638a68066ffced66dd5b17ae722c20c4d7087ec4503b77f6a7d3
  
Dropped by
MD5 9d8538673d605abbb8adfb076e0bea0a
  
URLhaus
https://urlhaus.abuse.ch/url/3524647/

Comments