MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 788a8d6c0a06ee6685ae2f6f8462291f17b0d04ffe7abf726731848017712ce2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 99 File information Comments

SHA256 hash:	788a8d6c0a06ee6685ae2f6f8462291f17b0d04ffe7abf726731848017712ce2
SHA3-384 hash:	424e4ef99b6df0162d7b47803b048e22c8f64a9594dbb5f4fecad6cdbea7673e8697a45a0fafe7a7ab11982762e94640
SHA1 hash:	8924545d0cdb9c43aab8b32789f5380916461a8d
MD5 hash:	cfa25cd0f051aad6839da4665c98e87b
humanhash:	nebraska-robin-kilo-wyoming
File name:	game.zip
Download:	download sample
Signature	Mirai Create hunting rule
File size:	317'452 bytes
First seen:	2026-02-13 09:40:37 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:WRwvrFaytrPKDsxXekmqVQqyp4GmoSxhntbkgT:iURJ5ysdeVkQHXS72gT
TLSH	T19E642339A74F81CCE7DBA47CB2E31999CC16111BB5940CA70F047BE7E905B197BAE118
Magika	zip
Reporter	juroots
Tags:	mirai zip

Intelligence

File Origin

# of uploads :

# of downloads :

104

Origin country :

File Archive Information

This file archive contains 11 file(s), sorted by their relevance:

File name:	StormStresser.arm6
File size:	60'448 bytes
SHA256 hash:	edb0b5e6bc05322b0f389bb03734dcfff721dfad89af8ca5c5b87c1d935700bf
MD5 hash:	a7382b3a43989ddd7d6a05064093a23c
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.arm7
File size:	123'237 bytes
SHA256 hash:	56b5a310c383c4f5e609ab09f0c441b781a8628f45c879fd4f268113a347f5ac
MD5 hash:	beb8da5c2c9814c9cedb711d2eaedf12
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.sh4
File size:	45'964 bytes
SHA256 hash:	c62c7c9567099175754f0ea1e0ba39ed0341a237600a838eaa1fa4f10f3ec805
MD5 hash:	40f6b98bbbe2d9791eb743369c5723b7
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.arm
File size:	51'208 bytes
SHA256 hash:	59062a5b514ea90347c5023b6880bba8c327dfc2b782d76749f72c4f6247e0b5
MD5 hash:	fd11f805b7914fad47cff678fd879b3e
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.spc
File size:	52'244 bytes
SHA256 hash:	917f055a7ea82558a1ce794eb798c471e9dc30ead4a867b92c0f863b7b320f29
MD5 hash:	79f32905ab49af8c36d947d7a01c5fd9
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.mips
File size:	63'824 bytes
SHA256 hash:	b8990787c2e9d8f1fc852b645aca2704bb4f7dc1a9cf54896b3c3d9a6d23efb6
MD5 hash:	61fc2acfcb607d28d56b0ab008879240
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.mpsl
File size:	67'664 bytes
SHA256 hash:	94492a228b98982f5a075e792239ba6b7c41366551df182ec6b07270770d744d
MD5 hash:	5381a30483aee10371392f77a8d34641
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.x86
File size:	45'744 bytes
SHA256 hash:	c28e7804ea2a28fab3f53b5c740acaddece03c4427bfec92e0ab3e4997abf5cb
MD5 hash:	ae0432eedcf4510e5000f2cfa4975e00
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.arm5
File size:	44'256 bytes
SHA256 hash:	1106da5f68947b8bb1573fb11022e6460ea8d91e6702cd09b5a679d9446bfeb9
MD5 hash:	a82c848e65f69e3898f6e7a7e8bc581d
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.ppc
File size:	48'324 bytes
SHA256 hash:	3248d8503d5742ecffadc4739878835719fbf76f91c4e8b6d4f3cc304655fe7e
MD5 hash:	3a31d391daec3c0cc915d5f76b298881
MIME type:	application/x-executable
Signature	Mirai

File name:	StormStresser.m68k
File size:	49'784 bytes
SHA256 hash:	5c8d71d5c6523e8092e097bbcc5ecbdc3081b02d7e3e902089beef0333f4b0a7
MD5 hash:	9223ec391b95bd03cb5f7de80ccabaef
MIME type:	application/x-executable
Signature	Mirai

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/2e3b4f1c-fb51-4cdc-91b7-fd0594f3bd71/

Detection(s):

Sanesecurity.Malware.29228.LC.UNOFFICIAL

Sanesecurity.Malware.30455.LC.BadVar.UNOFFICIAL

Sanesecurity.Malware.30481.LC.UNOFFICIAL

Unix.Dropper.Mirai-7135965-0

Unix.Trojan.Mirai-9970440-0

Unix.Trojan.Mirai-10027280-0

Unix.Trojan.Mirai-1

Sanesecurity.Malware.29229.LC.UNOFFICIAL

Unix.Dropper.Mirai-7135928-0

Unix.Trojan.Mirai-9760303-0

Unix.Trojan.Mirai-6981989-0

Unix.Trojan.Mirai-9940650-0

Unix.Trojan.Mirai-10018298-0

Unix.Dropper.Mirai-7135957-0

Unix.Dropper.Mirai-7139230-0

Unix.Dropper.Mirai-7136488-0

Unix.Trojan.Mirai-9857931-0

Unix.Trojan.Mirai-9866113-0

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=698ef18e76589225f66649a2

Tags:

gafgyt mirai ddos

Result

Verdict:

Malicious

File Type:

ZIP File

Link:

https://app.docguard.net/788a8d6c0a06ee6685ae2f6f8462291f17b0d04ffe7abf726731848017712ce2/results/dashboard

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/788a8d6c0a06ee6685ae2f6f8462291f17b0d04ffe7abf726731848017712ce2

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/788a8d6c0a06ee6685ae2f6f8462291f17b0d04ffe7abf726731848017712ce2

Score:

100%

Verdict:

Malware

File Type:

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/260213-qf1x7agz8c/

Malware Config

C2 Extraction:

stormstresser.duckdns.org

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	elf_mirai_g0 Create hunting rule
Author:	Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>, Thorsten Jenke <thorsten.jenke<at>fkie.fraunhofer.de>
Description:	based on multiple x86 samples

Rule name:	elf_mirai_g3 Create hunting rule
Author:	Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>, Thorsten Jenke <thorsten.jenke<at>fkie.fraunhofer.de>
Description:	based on some random powerpc sample

Rule name:	elf_mirai_g4 Create hunting rule
Author:	Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>, Thorsten Jenke <thorsten.jenke<at>fkie.fraunhofer.de>
Description:	based on a single sparc sample

Rule name:	elf_mirai_g5 Create hunting rule
Author:	Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>, Thorsten Jenke <thorsten.jenke<at>fkie.fraunhofer.de>
Description:	based on multiple ARM samples

Rule name:	Linux_Generic_Threat_8299c877 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Generic_Threat_d2dca9e7 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Generic_Threat_d94e1020 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_0bce98a2 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_88de437f Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_8aa7b5d3 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_95e0056c Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_b14f4c5d Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_cc93863b Create hunting rule
Author:	Elastic Security

Rule name:	MAL_ARM_LNX_Mirai_Mar13_2022 Create hunting rule
Author:	Mehmet Ali Kerimoglu a.k.a. CYB3RMX
Description:	Detects new ARM Mirai variant

Rule name:	Mirai_Botnet_Malware Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects Mirai Botnet Malware
Reference:	Internal Research

Rule name:	Mirai_Botnet_Malware_RID2EF6 Create hunting rule
Author:	Florian Roth
Description:	Detects Mirai Botnet Malware
Reference:	Internal Research

Rule name:	Mirai_Unpack Create hunting rule

Rule name:	setsockopt Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for setsockopt() red flags

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

zip 788a8d6c0a06ee6685ae2f6f8462291f17b0d04ffe7abf726731848017712ce2

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3777065/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample