MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35015fb875ac600a10a334312194687b18ce3fe741d0fd275af672d9526fe6b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	35015fb875ac600a10a334312194687b18ce3fe741d0fd275af672d9526fe6b9
SHA3-384 hash:	b3031e18be2e0479bc344b1038c6095eb4ff94672e73da504ad22f23e25d523a3752c30bacb0b2926098d41b1ab8a8db
SHA1 hash:	d928a961d400cbb0f51c6682592c5bc65d6151a0
MD5 hash:	f9277d216dd978b9802115795e823e16
humanhash:	hydrogen-bacon-finch-ink
File name:	dlr.mpsl
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'016 bytes
First seen:	2025-02-11 15:01:53 UTC
Last seen:	2025-02-11 15:48:44 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	24:OY23H/ki9mpHR/ixZuDa9mC05BJL4mmlZ9npeIgO/qM+UTK8mKUlu/OTlTwFLCFK:Eff2MnuDW2B6df96OScTLmPkOTyFqXZ
TLSH	T14341121A2F801F33DDA6CC32154B27112ACCD41BA06A63916334E960BD3F645A7D38A8
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.DownLoader.533.19301.19928.UNOFFICIAL

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67ab66f4f667f46cd183092blinux22vpnfull_triage

Tags:

mirai

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Receives data from a server

Sends data to a server

Creating a file

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

masquerade

Link:

https://www.filescan.io/uploads/67ab66aeaea83a272b36fe2d/reports/3645f7ed-49d9-44a0-8c29-9355e3de2f1d/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

mips

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/35015fb875ac600a10a334312194687b18ce3fe741d0fd275af672d9526fe6b9

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Result

Verdict:

UNKNOWN

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/1328bb23-70b5-4a3d-b6c8-5ea45f864025

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1612194

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/35015fb875ac600a10a334312194687b18ce3fe741d0fd275af672d9526fe6b9

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/35015fb875ac600a10a334312194687b18ce3fe741d0fd275af672d9526fe6b9/

Threat name:

Linux.Backdoor.Mirai

Status:

Malicious

First seen:

2025-02-11 15:02:24 UTC

File Type:

ELF32 Little (Exe)

AV detection:

13 of 38 (34.21%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=guav7odvvrqauefdgqysdfdipmmm4p7hihip2j226zznsutp424q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250211-sekwpaxrgm/

Behaviour

Writes file to tmp directory

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/132ce9f5-048e-44b6-a406-b73529caf019

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/35015fb875ac600a10a334312194687b18ce3fe741d0fd275af672d9526fe6b9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh cf1300d92066f64202bcefd9ab1736ed59c0089c9e30c4da501f5dc4e21af111

Mirai

elf 35015fb875ac600a10a334312194687b18ce3fe741d0fd275af672d9526fe6b9

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3436168/

Delivery method

Distributed via web download

Dropped by

SHA256 cf1300d92066f64202bcefd9ab1736ed59c0089c9e30c4da501f5dc4e21af111

Dropped by

MD5 90f53265497a62676e6e67f4ed4da2da

URLhaus

https://urlhaus.abuse.ch/url/3436190/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample