MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c1415b3b42f22a42d606b1124386dbaba15239ce97e7270bfc01077d873ed9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 12



SHA256 hash: 6c1415b3b42f22a42d606b1124386dbaba15239ce97e7270bfc01077d873ed9e
SHA3-384 hash: afeabf0df56f913aae89fb311d3b094fc69788231d6359024c9860a477bc5e14374cf1c5b4ce9a187bae96c476df59e6
SHA1 hash: 18e006a1221442420dcc82eb5b19f77c5f033786
MD5 hash: fda598aef75b92613a6e4b360e694e54
humanhash: seventeen-yankee-maryland-saturn
File name: Josho.spc
Signature: Mirai
File size: 60'116 bytes
First seen: 2025-12-23 22:57:19 UTC
Last seen: 2025-12-24 09:02:20 UTC
File type: elf
MIME type: application/x-executable
ssdeep 768:TXon00+q9wp3C+vactfa1sDHQYAzsv6WswWSHoXdss63B/9JO+zC3b:TXw00+SY3CaactfI6Qvzsv6vwcGJg
TLSH T1C2432925AD792E26C0D4B57A51F78714F2F2220E26B8C61E3CB21E4EFF04B4065577BA
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 3
# of downloads: 70
Origin country: DE
Vendor Threat Intelligence
Malware configuration found for: Mirai
Details: Mirai (an XOR decryption key and at least a c2 socket address)
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: gafgyt masquerade mirai
Result
Gathering data
Verdict: Malicious
File Type: elf.32.be
Detections: HEUR:Backdoor.Linux.Mirai.ba HEUR:Backdoor.Linux.Mirai.b
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid=3128) -> /tmp/sample.bin (pid=3137) [execve]
Result
Threat name: n/a
Detection: malicious
Classification: spre
Score: 60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Behaviour
Behavior Graph:
[Behavior graph, ID 1838543. Sample: Josho.spc.elf; start date: 24/12/2025; architecture: LINUX; score: 60. The graph shows Josho.spc.elf starting a tree of child Josho.spc.elf processes, two of which carry the signature "Sample tries to kill multiple processes (SIGKILL)". Network nodes: 13.9.44.26 (XEROX-WVUS, United States); 109.76.156.150, 23 (VODAFONE-IRELAND-ASNIE, Ireland); 98 other IPs or domains.]
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-12-23 13:34:40 UTC
File Type: ELF32 Big (Exe)
AV detection: 23 of 36 (63.89%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:josho linux
Verdict: Malicious
Tags: Unix.Dropper.Mirai-7135890-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 6c1415b3b42f22a42d606b1124386dbaba15239ce97e7270bfc01077d873ed9e

(this sample)

Delivery method: Distributed via web download
