MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89912e2fe24959c48c45131a3260aa6b8dd123a7ae820a9c82b418b37dbdf8a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 10

Intelligence 10 IOCs YARA 4 File information Comments

SHA256 hash:	89912e2fe24959c48c45131a3260aa6b8dd123a7ae820a9c82b418b37dbdf8a3
SHA3-384 hash:	6a4c5fcb053003a714d5254479a3061fd4ba561e9b2ef51a64a841639824094602dec11540fe3cd6462b3aa9d7a2c72a
SHA1 hash:	f50ac76ee79446d018eed700a3a530094c015b78
MD5 hash:	d19965b4000ed614baef523fc5f732ae
humanhash:	dakota-georgia-illinois-apart
File name:	parm5
Download:	download sample
Signature	Mirai Create hunting rule
File size:	42'504 bytes
First seen:	2025-11-28 19:21:33 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	768:LIpa6AlXGOgJMq4Q+H6CTM2b7GpAh891aS0dg5yOMwAnMUOwwIK:uavXQJMlQS7GnXEkyOMwAXwZ
TLSH	T1AC13F991F8C25B2BC2E013BAA66E618D3361A3E8D2CF7327D8125B417B8951F4D67B41
telfhash	t172f05c04be668e0559e79570cdbd07a4e802111391a69b24cf12cbe0883f448e308d1d
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 718162da8a62c081ee849ce425e0566a416a5560b4c20efb5501c9a14565d42e

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	19'652 bytes
File size (de-compressed) :	42'504 bytes
Format:	linux/arm
Packed file:	718162da8a62c081ee849ce425e0566a416a5560b4c20efb5501c9a14565d42e

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Unix.Trojan.Mirai-9441505-0

Unix.Trojan.Mirai-9858729-0

Result

Verdict:

Malware

Maliciousness:

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

bash lolbin rust

Link:

https://www.filescan.io/uploads/6929f6652cd29ea630030245/reports/39604148-e870-4643-b1ab-70b36c024310/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/89912e2fe24959c48c45131a3260aa6b8dd123a7ae820a9c82b418b37dbdf8a3

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Result

Gathering data

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/0d5e8150-65f4-49c4-bc77-ab17aaea739f

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9be8fb30-639c-4194-93aa-016bac1e5803

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1822413

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/89912e2fe24959c48c45131a3260aa6b8dd123a7ae820a9c82b418b37dbdf8a3

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/89912e2fe24959c48c45131a3260aa6b8dd123a7ae820a9c82b418b37dbdf8a3/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-11-28 19:22:13 UTC

File Type:

ELF32 Little (Exe)

AV detection:

16 of 36 (44.44%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rgis4l7cjfm4jdcfcmndeyfknog5ci5hv2bavhecwqmlg7n57crq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:mirai

Link:

https://tria.ge/reports/251128-x3bedazqep/

Verdict:

Malicious

Tags:

Unix.Trojan.Mirai-9441505-0

YARA:

n/a

Link:

https://app.threat.zone/submission/6ce3f32e-7734-467c-a1ea-57f872f5bbb0

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/89912e2fe24959c48c45131a3260aa6b8dd123a7ae820a9c82b418b37dbdf8a3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	setsockopt Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for setsockopt() red flags

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 718162da8a62c081ee849ce425e0566a416a5560b4c20efb5501c9a14565d42e

Mirai

elf 89912e2fe24959c48c45131a3260aa6b8dd123a7ae820a9c82b418b37dbdf8a3

(this sample)

Dropped by

SHA256 718162da8a62c081ee849ce425e0566a416a5560b4c20efb5501c9a14565d42e

URLhaus

https://urlhaus.abuse.ch/url/3718946/

Delivery method

Distributed via web download

Dropped by

MD5 0b342a369426bda1da4f62e971dba9c3

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample