MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 373c9615fa0e3cb0999e89ccb15da563373d19e714795492a419b3bfe1ba9254. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 373c9615fa0e3cb0999e89ccb15da563373d19e714795492a419b3bfe1ba9254
SHA3-384 hash: 43c0b262e72616979a15cdd6c26e77ff72ae9924ab21c41d70f22ed76836276fa98ef94a52030651f62ae7cd00311c7b
SHA1 hash: 3561233b7e29f8077f4ef125f1711daf8acbd193
MD5 hash: 8ce9ef22cba6441f189c6ef92c64d700
humanhash: virginia-item-hotel-connecticut
File name:mips
Download: download sample
Signature Mirai
Create hunting rule
File size:84'432 bytes
First seen:2025-11-01 17:52:38 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:OZibUpZUpzhmxQBBFijd+WdMYmXvsa3eeHsaOmtR:OZ8qZqzEiBFijgWgXvsaGOX
TLSH T17A83C61B6E219FADFBAC963107B38E21935C33D627E1C685E15CD6011E6028D646FFE8
telfhash t19c11c01c493803f0d7921c9c7bedff36e45160df4a225e37ce10eaa9ea649428d00c2c
Magika elf
Reporter abuse_ch
Tags:elf gafgyt mirai upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 19f9d1c88599274ed1cf38e86d3a037056d4adda5d529b349f89f45e8525bee6
File size (compressed) :34'616 bytes
File size (de-compressed) :84'432 bytes
Format:linux/mips
Packed file: 19f9d1c88599274ed1cf38e86d3a037056d4adda5d529b349f89f45e8525bee6

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
Unix.Trojan.Mirai-10017641-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
DNS request
Receives data from a server
Opens a port
Sends data to a server
Substitutes an application name
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/69064923be20d933485af74e/reports/05479b09-f656-4ab7-a61e-953642c068da/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
3
Processes remaning?
true
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/373c9615fa0e3cb0999e89ccb15da563373d19e714795492a419b3bfe1ba9254
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.be
First seen:
2025-11-01T14:59:00Z UTC
Last seen:
2025-11-02T02:18:00Z UTC
Hits:
~10
Detections:
HEUR:Backdoor.Linux.Mirai.b
Link:
https://opentip.kaspersky.com/373c9615fa0e3cb0999e89ccb15da563373d19e714795492a419b3bfe1ba9254/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/f3102efa-e4e5-44aa-8630-35506b6fa1e5
Behavior Graph:
Download SVG
%3 guuid=a4ebf098-1700-0000-c513-e34d0f0a0000 pid=2575 /usr/bin/sudo guuid=2e35e09a-1700-0000-c513-e34d160a0000 pid=2582 /tmp/sample.bin guuid=a4ebf098-1700-0000-c513-e34d0f0a0000 pid=2575->guuid=2e35e09a-1700-0000-c513-e34d160a0000 pid=2582 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/879e0387-597c-4e80-a9da-6c1585510aeb
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1806316
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1806316 Sample: mips.elf Startdate: 01/11/2025 Architecture: LINUX Score: 64 18 squibblypuff.asia 185.14.92.55, 23, 34306, 34308 INTERCOLO-ASintercoloIP-BackboneDE Germany 2->18 20 109.202.202.202, 80 INIT7CH Switzerland 2->20 22 3 other IPs or domains 2->22 24 Antivirus / Scanner detection for submitted sample 2->24 26 Multi AV Scanner detection for submitted file 2->26 28 Yara detected Mirai 2->28 8 mips.elf 2->8         started        10 dash rm 2->10         started        12 dash rm 2->12         started        signatures3 process4 process5 14 mips.elf 8->14         started        process6 16 mips.elf 14->16         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/373c9615fa0e3cb0999e89ccb15da563373d19e714795492a419b3bfe1ba9254
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/373c9615fa0e3cb0999e89ccb15da563373d19e714795492a419b3bfe1ba9254/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/373c9615fa0e3cb0999e89ccb15da563373d19e714795492a419b3bfe1ba9254
Threat name:
Linux.Backdoor.Gafgyt
Create hunting rule
Status:
Malicious
First seen:
2025-11-01 17:53:36 UTC
File Type:
ELF32 Big (Exe)
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g46jmfp2by6lbgm6rhglcxnfmm3t2gphcr4vjevedgz37yn2sjka._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai defense_evasion discovery
Link:
https://tria.ge/reports/251101-wglsjswney/
Behaviour
System Network Configuration Discovery
Changes its process name
Modifies Watchdog functionality
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/373c9615fa0e3cb0999e89ccb15da563373d19e714795492a419b3bfe1ba9254

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 19f9d1c88599274ed1cf38e86d3a037056d4adda5d529b349f89f45e8525bee6

Mirai

elf 373c9615fa0e3cb0999e89ccb15da563373d19e714795492a419b3bfe1ba9254

(this sample)

  
Dropped by
SHA256 19f9d1c88599274ed1cf38e86d3a037056d4adda5d529b349f89f45e8525bee6
  
URLhaus
https://urlhaus.abuse.ch/url/3692021/
  
Delivery method
Distributed via web download
  
Dropped by
MD5 ee7663ee430a0d61daaea9a54818bbc9

Comments