MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 2 File information Comments

SHA256 hash:	7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201
SHA3-384 hash:	ceace21e22590944056568df5560f18376562db321fbc54e7a9508570e90f630786dc89cb005b506df07e621137fb314
SHA1 hash:	9a9a570bd8945fef45a4c20c468843aa697ed0e8
MD5 hash:	60492f54823aa2e56fdf484f5cb3df42
humanhash:	cardinal-king-seven-green
File name:	re.bot.mips
Download:	download sample
Signature	Mirai Create hunting rule
File size:	835'016 bytes
First seen:	2025-03-14 02:26:29 UTC
Last seen:	2025-03-14 03:18:53 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	6144:2tZuUR8HwxZ+Cn63u6EzAvP5Yen1ZHjJnmUNJlhuwGzd+7zRdJtk8iQb5KDoayDB:SR84YCn6HP5YeDmxL8LQCDa9TMMTmi34
TLSH	T15C05D40A6E62DF3CF2A483304BB70B2492AD63D607F1D585F29CD1155E3065E692FBAC
telfhash	t1dde1dfc7397623a8a6c84d4d42dded204c6718ef2eda1c27cf16d48ee71b7825e25c26
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

152

Origin country :

Vendor Threat Intelligence

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67d3ae6508116ce425710b9clinux22vpnfull_triage

Tags:

n/a

Result

Verdict:

Clean

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

lolbin masquerade packed remote

Link:

https://www.filescan.io/uploads/67d393fc0a7899f3579552e8/reports/243ddf7d-a981-4c37-8a7f-c36898bb7345/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

mips

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Result

Verdict:

UNKNOWN

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/b6d46507-369c-4528-9bd9-0f2d99a54ccb

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1638032

Signature

Antivirus / Scanner detection for submitted sample

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2025-03-14 02:27:09 UTC

File Type:

ELF32 Big (Exe)

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=prg2nsuipq53fib4cguq4iifpqps55epn6phmd76prkacwjl6iaq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250314-cxgnzszsby/

Behaviour

System Network Configuration Discovery

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/8acc16d1-ac37-472e-b366-1131035d10ff

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2471d1f2c09224c34cadcf0a104c8e78b73f09971d4965bda5f1f6dc016a210a

Mirai

elf 7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3474302/

Delivery method

Distributed via web download

Dropped by

SHA256 2471d1f2c09224c34cadcf0a104c8e78b73f09971d4965bda5f1f6dc016a210a

Dropped by

MD5 8137eb3a1210a6ac0a5004ebdf12a009

URLhaus

https://urlhaus.abuse.ch/url/3474303/

Dropped by

SHA256 5e397e0e24a0b3b3ac706efe19a166583cd4eeae0bd3926d72ac74cffbcf859e

Dropped by

MD5 3119fcd280c8d7667c328914d1f66d4d

Dropped by

SHA256 5b59cc0c7dce41f23553fdd2b7590f4657d7013c0cac3686007845e08eb9a840

Dropped by

MD5 657e8a250879a48524b9ff9ac371828f

URLhaus

https://urlhaus.abuse.ch/url/3477728/

URLhaus

https://urlhaus.abuse.ch/url/3477729/

URLhaus

https://urlhaus.abuse.ch/url/3477730/

Dropped by

SHA256 e82a6d6efb6df26d2c333a3a335b3639d406bddccdb9c2ac4166bd459d743a36

Dropped by

MD5 663def63f63055dc8b5f8561ca2aab7b

Dropped by

SHA256 a118694ad9d75ab60674a828d11fc330098f5f19e7c1374e6aecb829dd5ac275

Dropped by

MD5 229944c75b6d20cc68f4126075f9f126

Dropped by

SHA256 6518d127b1f1b6f61f5c0434292c06065f852db39581dc01591fea07fac0b2b8

Dropped by

MD5 d678a6f5d04e4f35c3e4c3b518e365d7

Dropped by

SHA256 ca50827612b183b947df5447263a56f29977f1c9c7a08a9c7910b1d8299181fb

Dropped by

MD5 099e49b7a0156d7f2c5877af52b513a5

Dropped by

SHA256 6e6288f634aa041f82ca8da3ec891f5743213d2e72c3ddb9ad644dee727b3d64

Dropped by

MD5 2427d77492ce121c6fa6a8ab9ee43526

URLhaus

https://urlhaus.abuse.ch/url/3477732/

URLhaus

https://urlhaus.abuse.ch/url/3477734/

URLhaus

https://urlhaus.abuse.ch/url/3477735/

URLhaus

https://urlhaus.abuse.ch/url/3477737/

URLhaus

https://urlhaus.abuse.ch/url/3477739/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample