MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83ee9612b0a6c4fe26e320e6eb953a4f5f49a4a50a8c9070a867f8ad02f19601. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 83ee9612b0a6c4fe26e320e6eb953a4f5f49a4a50a8c9070a867f8ad02f19601
SHA3-384 hash: d2f21cfec0d0409526029e89dacbe9a155fa88778db9ecfbbaa406fd37c0eb382bbb16e12b7995433de8ba661e4837d8
SHA1 hash: 699dc78c2fc34d505037c31d6a72d0a753e8bab2
MD5 hash: aed2ebf65f90a495974c990b23dace43
humanhash: sierra-arizona-kilo-zebra
File name: skid.armv5l
Signature: Mirai
File size: 111'368 bytes
First seen: 2025-04-17 09:44:23 UTC
Last seen: 2025-04-17 11:18:57 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 1536:UfnSX5GH2y2xxRfv6i7hosvdKxu0+n244oQ6csi/VU0heqTVrzHh3sgS/3kC7ORj:d5HvRfhosvdKx4n2kQai/04h3NTjt
TLSH: T198B30A8DE8A16B15C1E96ABAFE5D45CD330217BCD2EA31158D065F20678F88D0E3EBC5
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 2
# of downloads: 61
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Creating a file
Substitutes an application name
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: arm
Packer: not packed
Botnet: unknown
Number of open files: 108
Number of processes launched: 2
Processes remaining?: true
Remote TCP ports scanned: not identified
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s): not identified
UDP botnet C2(s):
type: 74.125.250.129:19302
Result
Threat name: n/a
Detection: malicious
Classification: troj.evad
Score: 56 / 100
Signature
Performs DNS TXT record lookups
Suricata IDS alerts for network traffic
Uses STUN server to do NAT traversial
Behaviour
Behavior Graph:
[Graph image not reproduced] ID: 1667339; Sample: skid.armv5l.elf; Startdate: 17/04/2025; Architecture: LINUX; Score: 56. Process tree: skid.armv5l.elf started skid.armv5l.elf, which started skid.armv5l.elf. Network nodes: 6mv1eyr328y6due83u3js6whtzuxfyhw.su (Performs DNS TXT record lookups), stun.l.google.com (Uses STUN server to do NAT traversial), 2 other IPs or domains. Signature on the sample: Suricata IDS alerts for network traffic.
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-04-17 09:45:28 UTC
File Type: ELF32 Little (Exe)
AV detection: 8 of 24 (33.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: credential_access discovery
Behaviour
Reads runtime system information
Changes its process name
Reads process memory
Enumerates running processes
Renames itself
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 83ee9612b0a6c4fe26e320e6eb953a4f5f49a4a50a8c9070a867f8ad02f19601 (this sample)
