MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77827796721932598e298749a44bb8d532f42ef1156170d560618173b4bedbaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77827796721932598e298749a44bb8d532f42ef1156170d560618173b4bedbaa
SHA3-384 hash: acf77a122a7526cd240df86ce223fa9e3874efd0e6ae3762dd739328d2ef6a4135dfd7ab0e66b55dd708bbbdbb569db4
SHA1 hash: e207ae80b8966cc4f482fe1241e47b13510422e4
MD5 hash: fac176a76bcdb23133ed8653897309e0
humanhash: berlin-venus-six-mexico
File name:xnxnxnxnxnxnxnxnpowerpcxnxn
Download: download sample
Signature Mirai
Create hunting rule
File size:67'168 bytes
First seen:2025-12-23 05:47:49 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:MK8py3Q25PwU4Ekp1p4xOmIx1AtZgM0Eb3+y85Pq4rI3j28UiXrPo:s2IEkZ4sctZgM085ofdiXrPo
TLSH T17A63027CE26CECADACB04D3232701090B1296E61A0CFD538BE3B551652578AF95DF86F
Magika unknown
Reporter abuse_ch
Tags:elf UPX
File size (compressed) :67'168 bytes
File size (de-compressed) :197'352 bytes
Format:linux/ppc32
Unpacked file: ed375461dfa61518dd34450ee7b8cc43b2ea0c8eba7a88a82fe62f17c817fdc2

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/ed6bc74a-eb88-4bd9-90ee-241b67769e52/
Verdict:
Malicious
File Type:
elf.32.be
First seen:
2025-12-23T01:04:00Z UTC
Last seen:
2025-12-23T05:50:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/77827796721932598e298749a44bb8d532f42ef1156170d560618173b4bedbaa/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/6cb11d4b-773b-4604-893e-6afaebca1d21
Behavior Graph:
Download SVG
%3 guuid=21de84d0-1b00-0000-2d7c-9cbc6d0d0000 pid=3437 /usr/bin/sudo guuid=6f9df4d2-1b00-0000-2d7c-9cbc740d0000 pid=3444 /tmp/sample.bin guuid=21de84d0-1b00-0000-2d7c-9cbc6d0d0000 pid=3437->guuid=6f9df4d2-1b00-0000-2d7c-9cbc740d0000 pid=3444 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/7201b992-61d2-44c5-9dba-a8cca385d688
Result
Threat name:
n/a
Detection:
malicious
Classification:
spre.troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1838077
Signature
Connects to many ports of the same IP (likely port scanning)
Deletes system log files
Manipulation of devices in /dev
Sample is packed with UPX
Sample tries to kill a massive number of system processes
Sample tries to kill multiple processes (SIGKILL)
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/77827796721932598e298749a44bb8d532f42ef1156170d560618173b4bedbaa
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/77827796721932598e298749a44bb8d532f42ef1156170d560618173b4bedbaa/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o6bhpftsdezftdrjq5e2is5y2uzpilxrcvqxbvlamgaxhnf63ova._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
linux upx
Link:
https://tria.ge/reports/251223-ghl3dasrev/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/66724d07-40db-4a21-8fde-31ce7cf7a32f
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/77827796721932598e298749a44bb8d532f42ef1156170d560618173b4bedbaa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 77827796721932598e298749a44bb8d532f42ef1156170d560618173b4bedbaa

(this sample)

Mirai

elf ed375461dfa61518dd34450ee7b8cc43b2ea0c8eba7a88a82fe62f17c817fdc2

  
URLhaus
https://urlhaus.abuse.ch/url/3713405/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 ed375461dfa61518dd34450ee7b8cc43b2ea0c8eba7a88a82fe62f17c817fdc2
  
Dropping
MD5 2b2087614ef477ad50982357a05f8695
  
URLhaus
https://urlhaus.abuse.ch/url/3739932/

Comments