MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d984b222dd19bebea36d85e08c0c24bd0cc17f5ca2a64b527b5bce78dc1846e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 11



SHA256 hash: 2d984b222dd19bebea36d85e08c0c24bd0cc17f5ca2a64b527b5bce78dc1846e
SHA3-384 hash: 160381b0a7bbf4218de44129a6359b2e8b03b55b6bdec5c40d87efe34805a89f984d443cc3fb42e99d676b4f4733cd14
SHA1 hash: 38f43bc3b7bf78e15bc96401af6702d2c355f510
MD5 hash: 6940a5d7f3597bd1784521863e806d8a
humanhash: friend-bulldog-south-kansas
File name: ppc
Signature: Mirai
File size: 166'404 bytes
First seen: 2025-11-26 04:07:14 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:qKOXUwaQlqNOf8nTqsSAzHXbKE3palPaxV9MC6golqoOZu2DqjFRVxXewvArDEQK:AEelu+IvSAzWwCPaxk83ZDQRK1rGj
TLSH: T19BF32A02731C0947D1A36DF43A3B27E093AFE56125F4FA44291F9B8A9271E335586ECE
Magika: elf
Reporter: abuse_ch
Tags: elf mirai upx-dec


abuse_ch
UPX decompressed file, sourced from SHA256 b1fd27830a1b031c53a1d384b9ad882f6e8624d2995f4f9e45b6eb979086a0aa
File size (compressed): 57'408 bytes
File size (de-compressed): 166'404 bytes
Format: linux/ppc32
Packed file: b1fd27830a1b031c53a1d384b9ad882f6e8624d2995f4f9e45b6eb979086a0aa

Intelligence


File Origin
# of uploads: 1
# of downloads: 144
Origin country: NL
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Connection attempt
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: elf.32.be
First seen: 2025-11-26T01:15:00Z UTC
Last seen: 2025-11-26T02:06:00Z UTC
Hits: ~10
Detections: HEUR:Backdoor.Linux.Mirai.b
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=4058) -> execve -> /tmp/sample.bin (pid=4067)
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-11-26 04:08:15 UTC
File Type: ELF32 Big (Exe)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai linux
Malware Config
C2 Extraction: 127.0.0.1
Verdict: Malicious
Tags: Unix.Dropper.Mirai-7135957-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 2d984b222dd19bebea36d85e08c0c24bd0cc17f5ca2a64b527b5bce78dc1846e

(this sample)

  
Delivery method
Distributed via web download
