MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 771b24ae004fa65a9df902619cca3f898abaae95961f8ea812198ecf8e4a049b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 771b24ae004fa65a9df902619cca3f898abaae95961f8ea812198ecf8e4a049b
SHA3-384 hash: cbe9f0f5890d1fcf1223ae210d43dcb790fa9e0a94e9c80a25b99b25ce5b43562b192cf02868c76952ea4d7dd0642bfd
SHA1 hash: 45ffef0bb66b7ac59492207c38fb42ef6b0f649f
MD5 hash: b53b9ec96072e5709b406256e4cd1c2c
humanhash: golf-uniform-one-bakerloo
File name:arm4
Download: download sample
Signature Mirai
Create hunting rule
File size:39'672 bytes
First seen:2026-01-12 22:00:56 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:obnltkBjVqNvyZySCGIwOvP5jEGundqNQL2qvbV1HEaM:AnGjDOvjKd4Qbka
TLSH T15703F8827D428F03C1D122B6F7AE019C3B11BB7CA1EF3352E9227F91778689B1967651
telfhash t1e821f0100d841eec9b9080c9e36f673b756520a47ea33d528bfe6e0f03299d6b461c3d
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
167
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.29228.LC.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.30455.LC.BadVar.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.30481.LC.UNOFFICIAL
Create hunting rule

Unix.Trojan.Mirai-9970440-0
Create hunting rule

Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
gcc rust
Link:
https://www.filescan.io/uploads/69656f3dc82deb762e7a945a/reports/97de693d-094c-48c4-8cf3-6303d818c42d/overview
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2026-01-12T19:11:00Z UTC
Last seen:
2026-01-14T12:48:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/771b24ae004fa65a9df902619cca3f898abaae95961f8ea812198ecf8e4a049b/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/785dc0f5-4b29-4cdb-8754-16af09ec6684
Behavior Graph:
Download SVG
%3 guuid=ae99bc8f-1600-0000-a40b-d370f00c0000 pid=3312 /usr/bin/sudo guuid=59fe6c93-1600-0000-a40b-d370f10c0000 pid=3313 /tmp/sample.bin guuid=ae99bc8f-1600-0000-a40b-d370f00c0000 pid=3312->guuid=59fe6c93-1600-0000-a40b-d370f10c0000 pid=3313 execve
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/75609a3b-270f-4798-b0c3-40f501f2b661
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1849561
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1849561 Sample: arm4.elf Startdate: 12/01/2026 Architecture: LINUX Score: 48 16 Multi AV Scanner detection for submitted file 2->16 8 arm4.elf 2->8         started        process3 process4 10 arm4.elf 8->10         started        process5 12 arm4.elf 10->12         started        process6 14 arm4.elf 12->14         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/771b24ae004fa65a9df902619cca3f898abaae95961f8ea812198ecf8e4a049b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/771b24ae004fa65a9df902619cca3f898abaae95961f8ea812198ecf8e4a049b/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-01-12 22:01:41 UTC
File Type:
ELF32 Little (Exe)
AV detection:
21 of 38 (55.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o4nsjlqaj6tfvhpzajqzzsr7rgflvluvsypy5kasdghm7dskasnq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:botnet
Link:
https://tria.ge/reports/260112-1xgkzsfw8a/
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-9970440-0
YARA:
n/a
Link:
https://app.threat.zone/submission/bce686f8-0aab-467b-83e7-a5d18a8a17ed
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/771b24ae004fa65a9df902619cca3f898abaae95961f8ea812198ecf8e4a049b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Generic_Threat_d94e1020
Create hunting rule
Author:Elastic Security
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2d5e2d77ba36d07dd6099b9cb0247242d489d2255b57f9f2290f2cdaa35f9ba2

Mirai

elf 771b24ae004fa65a9df902619cca3f898abaae95961f8ea812198ecf8e4a049b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3756960/
  
Delivery method
Distributed via web download
  
Dropped by
SHA256 2d5e2d77ba36d07dd6099b9cb0247242d489d2255b57f9f2290f2cdaa35f9ba2
  
Dropped by
MD5 8151d17630d89d6a5a235c1d3b6cf9e4
  
Dropped by
SHA256 9f1281e658f9d4970c66f9a44b981edbc07f069be3c95d8fd4ddb80d40726318
  
Dropped by
MD5 b93635463a192d3cbd6f725e62563afe
  
Dropped by
SHA256 fce021d3d746aa9bbdfbabe382971f249bf957d9cfb28e78a07028745e607147
  
Dropped by
MD5 28bf4437e6125e42da3aabac42d3c459
  
URLhaus
https://urlhaus.abuse.ch/url/3747933/
  
URLhaus
https://urlhaus.abuse.ch/url/3747932/
  
URLhaus
https://urlhaus.abuse.ch/url/3747929/

Comments