MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cf3d08b9aeb317a666213db178a8ea0625ce874f08f69902960310562054a9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 11

Intelligence 11 IOCs YARA 10 File information Comments

SHA256 hash:	7cf3d08b9aeb317a666213db178a8ea0625ce874f08f69902960310562054a9c
SHA3-384 hash:	bbc34acb8dd753c390a2af21a67336a4a18b78840ec99e5dda4404fffa00df0d929cf6d4477b7239bc7f3dcba494da85
SHA1 hash:	df6e101db5a4b35365140eba41a669a75d6025b7
MD5 hash:	dacaada558511cf02f3bb9321ebee663
humanhash:	video-magazine-ceiling-social
File name:	boatnet.x86
Download:	download sample
Signature	Mirai Create hunting rule
File size:	49'936 bytes
First seen:	2025-10-29 14:50:13 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2i1e:Gv4QPfZfW5XTOeoEzJ7AQwf2i
TLSH	T1DB2309C8F443D9F9DC4A09746036FB2BDBB2F6BA2329DE43D7A495236C51702A805D9C
telfhash	t1a811c8f75da609fdf3d09c00c71d67e1296ad26b0a7166a404b12de533d1cd190b8c3e
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 4fda417dfcb5c09822f7be94a6c0fb2ff83b0df47f4ca12d4c07eef53ebac6a5

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	21'492 bytes
File size (de-compressed) :	49'936 bytes
Format:	linux/i386
Packed file:	4fda417dfcb5c09822f7be94a6c0fb2ff83b0df47f4ca12d4c07eef53ebac6a5

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Runs as daemon

Connection attempt

Sends data to a server

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

masquerade

Link:

https://www.filescan.io/uploads/69022bca44e3729d79698f91/reports/d0cb13bc-42ec-494f-8b25-245d756ff244/overview

Verdict:

Malicious

File Type:

elf.32.le

First seen:

2025-08-03T10:36:00Z UTC

Last seen:

2025-08-03T11:02:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/7cf3d08b9aeb317a666213db178a8ea0625ce874f08f69902960310562054a9c/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/b7cf8b17-28fc-49d7-9263-477911e40e80

Behavior Graph:

Download SVG

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/3fdc84ea-8e77-47d1-9450-da4ca1428584

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/7cf3d08b9aeb317a666213db178a8ea0625ce874f08f69902960310562054a9c

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/7cf3d08b9aeb317a666213db178a8ea0625ce874f08f69902960310562054a9c/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-10-29 15:01:16 UTC

File Type:

ELF32 Little (Exe)

AV detection:

27 of 38 (71.05%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ptz5bc425myxuztccpnrpcuoubrfz2du6chwtebjmayqkyqfjkoa._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:lzrd defense_evasion discovery linux

Link:

https://tria.ge/reports/251029-sb2p2aaj7y/

Behaviour

Reads runtime system information

Enumerates running processes

Writes file to system bin folder

Modifies Watchdog functionality

Verdict:

Malicious

Tags:

trojan mirai gafgyt Unix.Dropper.Mirai-7136013-0

YARA:

Linux_Trojan_Gafgyt_28a2fe0c Linux_Trojan_Gafgyt_ea92cca8 Linux_Trojan_Mirai_b14f4c5d Linux_Trojan_Mirai_88de437f Linux_Trojan_Mirai_ae9d0fa6 Linux_Trojan_Mirai_389ee3e9 Linux_Trojan_Mirai_cc93863b Linux_Trojan_Mirai_8aa7b5d3 Linux_Gafgyt_May_2024

Link:

https://app.threat.zone/submission/ec90c17b-48b0-4201-b834-a0afb1eaba9d

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/7cf3d08b9aeb317a666213db178a8ea0625ce874f08f69902960310562054a9c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	botnet_Yakuza Create hunting rule
Author:	NDA0E
Description:	Yakuza botnet

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	Linux_Trojan_Gafgyt_28a2fe0c Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Gafgyt_ea92cca8 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_389ee3e9 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_88de437f Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_8aa7b5d3 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_ae9d0fa6 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_b14f4c5d Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Mirai_cc93863b Create hunting rule
Author:	Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 37c53698a6d50f006ede9318444c7b6c4ddb65009ecd63f8df0e63d07eb2dd77

Mirai

elf 4fda417dfcb5c09822f7be94a6c0fb2ff83b0df47f4ca12d4c07eef53ebac6a5

Mirai

elf 7cf3d08b9aeb317a666213db178a8ea0625ce874f08f69902960310562054a9c

(this sample)

Dropped by

SHA256 4fda417dfcb5c09822f7be94a6c0fb2ff83b0df47f4ca12d4c07eef53ebac6a5

URLhaus

https://urlhaus.abuse.ch/url/3594915/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample