MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52cab22af8c3957877bcff628877658946be13b2698bf6ba4399828491cb38bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 10



SHA256 hash: 52cab22af8c3957877bcff628877658946be13b2698bf6ba4399828491cb38bc
SHA3-384 hash: 4575c8f02b33f95161aa6deecd29d165bfdfa3d08a78697e904bd85729859ccf4e287f9e65b5eb1b8c994b430c367e1a
SHA1 hash: 30a5e977c7e181d846b46bca4b6b92d5b327befa
MD5 hash: d1c76d20c820e7d28c76ca3cb4dcdaf6
humanhash: summer-finch-winter-alanine
File name: ppc
Download: download sample
Signature: Mirai
File size: 67'576 bytes
First seen: 2025-11-29 22:57:39 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:ZjVO2KsrO4zb5BdTqBpTaQnQSe1ECj5ds:CPsTHdTQNQSe1bjrs
TLSH: T163634A01775C4E43D1A61EF8293F27E193EEEE9021F4F5842A0ED6465272E33994AFD8
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Connection attempt
Sends data to a server
Receives data from a server
Runs as daemon
Opens a port
Substitutes an application name
Performs a bruteforce attack in the network
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Result
Verdict: Malicious
File Type: elf.32.be
First seen: 2025-11-29T16:46:00Z UTC
Last seen: 2025-11-29T18:51:00Z UTC
Hits: ~10
Result
Threat name:
Detection: malicious
Classification: troj
Score: 64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph:
[Behavior graph. ID: 1822898; Sample: ppc.elf; Startdate: 30/11/2025; Architecture: LINUX; Score: 64. Processes: ppc.elf started and spawned further ppc.elf processes; dash ran rm. Network: 12.194.48.59 and 12.253.93.251 (WORLDNET5-10US, United States) and 98 other IPs or domains. Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Mirai.]
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:wicked linux
Verdict: Malicious
Tags: Unix.Dropper.Mirai-7135957-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 52cab22af8c3957877bcff628877658946be13b2698bf6ba4399828491cb38bc

(this sample)

  
Delivery method
Distributed via web download

Comments