MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77833bcab1e5913195f73b5a388c1a8dbf1560decb26fa400107bfeb0a6491fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 11


Intelligence 11 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77833bcab1e5913195f73b5a388c1a8dbf1560decb26fa400107bfeb0a6491fa
SHA3-384 hash: 57880af4eee048d9684d4c1c26b040f82f2aa0149e611ed45ff7c375dd1becddb6805dc5743e6b26eda1465cf37a7a6a
SHA1 hash: 134a7d34ceb49bf3bcf2fd2ae08f4c2a47639778
MD5 hash: d65d66c399cf1f9656f9f7d9ca3702fd
humanhash: washington-cardinal-fifteen-grey
File name:i4_x86
Download: download sample
Signature Mirai
Create hunting rule
File size:129'520 bytes
First seen:2025-12-28 19:05:42 UTC
Last seen:2025-12-28 19:44:25 UTC
File type: elf
MIME type:application/x-executable
ssdeep 1536:Z9Q+EF+mgFNV4ulBjNQPExfcaBZnQflyYUuiybNGm4v5da3wo7ujCUUUR310CIoq:L9VzuCtZklO6NjQmZifakMs84c
TLSH T16EC35C45F347D1F0E94205B0119BFB379A3269722134DD6FDBE4FBB36CA16529806A2C
telfhash t1d63104768eea1ad9bbc08612d2ce5730dd5dd87b154476650eb22bc83373e026376c39
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
2
# of downloads :
38
Origin country :
DE DE
Vendor Threat Intelligence
Malware configuration found for:
Mirai
Details
Mirai
an XOR decryption key and at least a c2 socket address
Link:
https://research.acce.ciphertechsolutions.com/results/dcbed0a8-57c6-4ed3-9861-bfc321906175/
Detection(s):
Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL
Create hunting rule

Unix.Dropper.Mirai-7135890-0
Create hunting rule

Unix.Dropper.Mirai-7135939-0
Create hunting rule

Unix.Dropper.Mirai-7136025-0
Create hunting rule

Unix.Trojan.Mirai-9441505-0
Create hunting rule

Unix.Trojan.Mirai-9951087-0
Create hunting rule

Unix.Trojan.Mirai-10011027-0
Create hunting rule

Unix.Trojan.Mirai-10011918-0
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
mirai rust
Link:
https://www.filescan.io/uploads/69517fa8127d6a14e0c525d2/reports/6664f5ff-d917-4afd-836a-e46398eb3652/overview
Result
Gathering data
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-12-28T15:18:00Z UTC
Last seen:
2025-12-28T18:46:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/77833bcab1e5913195f73b5a388c1a8dbf1560decb26fa400107bfeb0a6491fa/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/f142e830-9a7d-45a4-9ecd-fa36f2a364b8
Behavior Graph:
Download SVG
%3 guuid=e51b9669-1900-0000-a483-54247e100000 pid=4222 /usr/bin/sudo guuid=c8ee6f6b-1900-0000-a483-542484100000 pid=4228 /tmp/sample.bin net write-file guuid=e51b9669-1900-0000-a483-54247e100000 pid=4222->guuid=c8ee6f6b-1900-0000-a483-542484100000 pid=4228 execve 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=c8ee6f6b-1900-0000-a483-542484100000 pid=4228->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=5545a16b-1900-0000-a483-542485100000 pid=4229 /tmp/sample.bin guuid=c8ee6f6b-1900-0000-a483-542484100000 pid=4228->guuid=5545a16b-1900-0000-a483-542485100000 pid=4229 clone guuid=0a9746a7-1900-0000-a483-542476110000 pid=4470 /tmp/sample.bin guuid=c8ee6f6b-1900-0000-a483-542484100000 pid=4228->guuid=0a9746a7-1900-0000-a483-542476110000 pid=4470 clone guuid=4ee9ede2-1900-0000-a483-542435120000 pid=4661 /tmp/sample.bin guuid=c8ee6f6b-1900-0000-a483-542484100000 pid=4228->guuid=4ee9ede2-1900-0000-a483-542435120000 pid=4661 clone guuid=beacf5e2-1900-0000-a483-542436120000 pid=4662 /tmp/sample.bin net zombie guuid=c8ee6f6b-1900-0000-a483-542484100000 pid=4228->guuid=beacf5e2-1900-0000-a483-542436120000 pid=4662 clone 600e6a0f-dde9-5689-8a38-d4560e88db4d 46.151.182.229:1999 guuid=beacf5e2-1900-0000-a483-542436120000 pid=4662->600e6a0f-dde9-5689-8a38-d4560e88db4d con
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ea584636-6aca-4a01-9df9-7984caf5e34c
Result
Threat name:
Moobot
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1840881
Signature
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Moobot
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1840881 Sample: i4_x86.elf Startdate: 28/12/2025 Architecture: LINUX Score: 72 17 109.202.202.202, 80 INIT7CH Switzerland 2->17 19 46.151.182.229, 1999, 58670, 58672 CRONON-ASObermuensterstr9DE Ukraine 2->19 21 2 other IPs or domains 2->21 23 Malicious sample detected (through community Yara rule) 2->23 25 Antivirus / Scanner detection for submitted sample 2->25 27 Multi AV Scanner detection for submitted file 2->27 29 Yara detected Moobot 2->29 7 i4_x86.elf 2->7         started        signatures3 process4 process5 9 i4_x86.elf 7->9         started        11 i4_x86.elf 7->11         started        13 i4_x86.elf 7->13         started        15 i4_x86.elf 7->15         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/77833bcab1e5913195f73b5a388c1a8dbf1560decb26fa400107bfeb0a6491fa
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/77833bcab1e5913195f73b5a388c1a8dbf1560decb26fa400107bfeb0a6491fa/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-12-28 19:06:19 UTC
File Type:
ELF32 Little (Exe)
AV detection:
17 of 36 (47.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o6btxsvr4witdfpxhnndrda2rw7rkyg6zmtpuqaba676wctesh5a._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion linux
Link:
https://tria.ge/reports/251228-xr62xadv9e/
Behaviour
Changes its process name
Writes file to system bin folder
Modifies Watchdog functionality
Verdict:
Malicious
Tags:
Unix.Dropper.Mirai-7135890-0
YARA:
n/a
Link:
https://app.threat.zone/submission/2580a10b-1387-41a4-a59a-67d7b95b6da6
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/77833bcab1e5913195f73b5a388c1a8dbf1560decb26fa400107bfeb0a6491fa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:Linux_Trojan_Gafgyt_28a2fe0c
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_3a56423b
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_6e8e9257
Create hunting rule
Author:Elastic Security
Rule name:setsockopt
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for setsockopt() red flags
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 77833bcab1e5913195f73b5a388c1a8dbf1560decb26fa400107bfeb0a6491fa

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3743681/
  
Delivery method
Distributed via web download

Comments