MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55a14313fb81153146f9c7bc2617a3a1c969ada95104bdc625cde73285aca80a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55a14313fb81153146f9c7bc2617a3a1c969ada95104bdc625cde73285aca80a
SHA3-384 hash: a66e592c65b9de9fe31dec52e24a12c3274093f19c1daefc1b6e67f8447b1b3460a9e6c4d11d05d8191a9bf36a68be92
SHA1 hash: 4ae887ec97fc7432d970f698fff5b63a42e3fa9a
MD5 hash: 1139b8d7e48212c4ca9aa12220d4d4d8
humanhash: wyoming-winter-mike-queen
File name:skid.arm7
Download: download sample
Signature Mirai
Create hunting rule
File size:99'724 bytes
First seen:2025-07-11 12:04:20 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:5JnD4CDmLo7T6xxM9ZLWSa38wul0ViWY2NaEm9HZCNpYHwY:raC6xxM9ZLWSaflY2NaEm9H8NpvY
TLSH T170A31859FC81AB15D5C526BEFE4F028933135BACE3EE72129D245B2427CA95B0F7B402
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
15
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6870fe06c9eb974737685b57linux22vpnfull_triage
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
lolbin remote
Link:
https://www.filescan.io/uploads/6870fe0b2f482f87cbf7dda8/reports/568225a5-8089-449a-9a14-403827353ccd/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/55a14313fb81153146f9c7bc2617a3a1c969ada95104bdc625cde73285aca80a
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/52c4ba6e-7151-4ca8-a602-0ac4c8d80836
Behavior Graph:
Download SVG
%3 guuid=92783ab4-1900-0000-5cdf-2c24c50c0000 pid=3269 /usr/bin/sudo guuid=2aca32b7-1900-0000-5cdf-2c24ca0c0000 pid=3274 /tmp/sample.bin guuid=92783ab4-1900-0000-5cdf-2c24c50c0000 pid=3269->guuid=2aca32b7-1900-0000-5cdf-2c24ca0c0000 pid=3274 execve
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/bf04fdec-c346-4468-839b-cda86bb05268
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1733822
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1733822 Sample: skid.arm7.elf Startdate: 11/07/2025 Architecture: LINUX Score: 48 14 54.217.10.153, 443, 49574 AMAZON-02US United States 2->14 16 54.247.62.1, 443 AMAZON-02US United States 2->16 18 Multi AV Scanner detection for submitted file 2->18 6 dash rm 2->6         started        8 dash cat 2->8         started        10 dash head 2->10         started        12 8 other processes 2->12 signatures3 process4
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/55a14313fb81153146f9c7bc2617a3a1c969ada95104bdc625cde73285aca80a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55a14313fb81153146f9c7bc2617a3a1c969ada95104bdc625cde73285aca80a/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-07-11 12:05:07 UTC
File Type:
ELF32 Little (Exe)
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kwquge73qektcrxzy66cmf5duhewtlnjkecl3rrfzxttfbnmvafa._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/250711-n9a8hswmv2/
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f9e7fb8c-47b1-496a-8831-76ceceec5011
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/55a14313fb81153146f9c7bc2617a3a1c969ada95104bdc625cde73285aca80a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 55a14313fb81153146f9c7bc2617a3a1c969ada95104bdc625cde73285aca80a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3573448/
  
Delivery method
Distributed via web download

Comments