MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 296b377852120be33fdaad750dbf4085311c3851c88f132e48f9d7e58d1c6a6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 296b377852120be33fdaad750dbf4085311c3851c88f132e48f9d7e58d1c6a6c
SHA3-384 hash: 8a2b92326569aaf772ca7e2454de72aad25b756daccae4724fa340f8932a6f171558da981374af12da444746c2231d7b
SHA1 hash: ac0d9396e738938cf3351fc45b6764319799c418
MD5 hash: ccd722def83b5a4800163a44fda07c13
humanhash: orange-florida-emma-berlin
File name:rondo.sparc
Download: download sample
Signature Mirai
Create hunting rule
File size:130'024 bytes
First seen:2025-12-21 11:22:42 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 3072:QeUJ99ngIo1EK3vSvOGQdhiP41H1DEZBnTeh3xNt8njgA:HP/38n8A
TLSH T177D36C22F57E492BC5C490B752F74736E1F2234920BC4A0E3D631E8DBF6565022A77AE
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
gafgyt mirai
Link:
https://www.filescan.io/uploads/6947d8a23f8fdbf8e94d834b/reports/34903176-e7bb-408e-ad7c-0af20d39637b/overview
Verdict:
Unknown
File Type:
elf.32.be
First seen:
2025-12-21T12:11:00Z UTC
Last seen:
2025-12-21T12:25:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/296b377852120be33fdaad750dbf4085311c3851c88f132e48f9d7e58d1c6a6c/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/d1f1f176-b83a-4f36-b669-0c3a2f94e58b
Behavior Graph:
Download SVG
%3 guuid=cf586604-1900-0000-4831-8d23ac130000 pid=5036 /usr/bin/sudo guuid=5ccb2706-1900-0000-4831-8d23b2130000 pid=5042 /tmp/sample.bin guuid=cf586604-1900-0000-4831-8d23ac130000 pid=5036->guuid=5ccb2706-1900-0000-4831-8d23b2130000 pid=5042 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/0bfe660c-3794-48d4-b4cb-41e2747decb2
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/1836989
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/296b377852120be33fdaad750dbf4085311c3851c88f132e48f9d7e58d1c6a6c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/296b377852120be33fdaad750dbf4085311c3851c88f132e48f9d7e58d1c6a6c/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-12-21 11:23:23 UTC
File Type:
ELF32 Big (Exe)
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ffvto6cscif6gp62vv2q3p2aquyryocrzchrglsi7hl6ldi4njwa._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/251221-nhbd7sbs4c/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d28e995e-1975-47cf-929b-1c61d04e8a8d
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/296b377852120be33fdaad750dbf4085311c3851c88f132e48f9d7e58d1c6a6c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 296b377852120be33fdaad750dbf4085311c3851c88f132e48f9d7e58d1c6a6c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3736091/
  
Delivery method
Distributed via web download

Comments