MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 343611a4d51844223d3939f32354c662ac6668a62c59d023eeef5c838d640831. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 343611a4d51844223d3939f32354c662ac6668a62c59d023eeef5c838d640831
SHA3-384 hash: 8239e0a93c9c3b893b7a00a2c0d0e7e142cfbb11e3b1bc7c65f655d50ca73bee5992d8dcb0997da3ad71b03ed6e6a8e0
SHA1 hash: 3cd4f054c29e4b5c7deae0f8ef446086c07f7b2b
MD5 hash: c9ffe76b3ebea16ad71f2a3d07140cf5
humanhash: burger-butter-mango-autumn
File name:lol.armv5l
Download: download sample
Signature Mirai
Create hunting rule
File size:103'568 bytes
First seen:2025-04-21 11:13:10 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:4TnFXPLhR8krdA2+l2p4wTB4fVrYACcXVmrQWFrg396b4T7qggjxq/+3lzOD:YPRpAd2pjTB4fVMpGmr0tX7qgMOD
TLSH T184A30949E8A1AB25C1E525BAFE5D44CD330217BCD6EA71158C064F60B78F98D0E3EBC5
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=680629c62203b3e10cd2346alinux22vpnfull_triage
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
DNS request
Sends data to a server
Opens a port
Creating a file
Receives data from a server
Runs as daemon
Substitutes an application name
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6806284889fec6b88ba001f8/reports/9b37ee95-f93d-4f27-9259-577670c010cf/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
1
Number of processes launched:
3
Processes remaning?
true
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/343611a4d51844223d3939f32354c662ac6668a62c59d023eeef5c838d640831
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
type: 74.125.250.129:19302
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fdfada0b-a5ce-49af-964e-fa2ec70adcec
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1670267
Signature
Performs DNS TXT record lookups
Suricata IDS alerts for network traffic
Uses STUN server to do NAT traversial
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1670267 Sample: lol.armv5l.elf Startdate: 21/04/2025 Architecture: LINUX Score: 56 15 stun.l.google.com 2->15 17 6mv1eyr328y6due83u3js6whtzuxfyhw.su 2->17 19 6 other IPs or domains 2->19 21 Suricata IDS alerts for network traffic 2->21 7 lol.armv5l.elf 2->7         started        9 dash rm 2->9         started        11 dash rm 2->11         started        signatures3 23 Uses STUN server to do NAT traversial 15->23 25 Performs DNS TXT record lookups 17->25 process4 process5 13 lol.armv5l.elf 7->13         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/343611a4d51844223d3939f32354c662ac6668a62c59d023eeef5c838d640831
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/343611a4d51844223d3939f32354c662ac6668a62c59d023eeef5c838d640831/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-04-21 11:14:10 UTC
File Type:
ELF32 Little (Exe)
AV detection:
14 of 38 (36.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gq3bdjgvdbccepjzhhzsgvggmkwgm2fgfrm5ai7o55oihdlebayq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/250421-nbgmmsvqy5/
Behaviour
Changes its process name
Renames itself
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/343611a4d51844223d3939f32354c662ac6668a62c59d023eeef5c838d640831

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 343611a4d51844223d3939f32354c662ac6668a62c59d023eeef5c838d640831

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3514759/
  
Delivery method
Distributed via web download

Comments