MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b84536371d1d07296f8fbe58c735abedfffc56bdba56b57cac935f5efc6d50d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b84536371d1d07296f8fbe58c735abedfffc56bdba56b57cac935f5efc6d50d
SHA3-384 hash: 3c80256bea8e241f0ae91ae21bdc4e2e4cec73eb966ec1aa2d96138e693a34f28e50bc21ccb9fe3dd6b4303e16b403bd
SHA1 hash: 77f8f832868b0cb82f64ba6230127b01d4851db3
MD5 hash: 55c4f038ca6fecf82fd7d1073d2696b2
humanhash: eleven-johnny-social-delta
File name:mpsl
Download: download sample
Signature Mirai
Create hunting rule
File size:110'156 bytes
First seen:2025-11-13 07:13:23 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:Tt8dgfb04FKEEj9TvTBh7W0yhxEaqUv6/kFonYxYZrAWG1n:/xKZI0yhrdEPrh2
TLSH T1D2B3D656BFA11EF7DC5FCC3706EA1705248C651A22B97F3A7534C928B60B24F4AE3864
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 76837ee899180d1174e22424fa56c7efa1b5bb3777f537cba773b13bf6263a34
File size (compressed) :40'260 bytes
File size (de-compressed) :110'156 bytes
Format:linux/mipsel
Packed file: 76837ee899180d1174e22424fa56c7efa1b5bb3777f537cba773b13bf6263a34

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
Unix.Trojan.Mirai-10017641-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Connection attempt
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
mirai
Link:
https://www.filescan.io/uploads/6915854735898d9a3611614e/reports/c3bb800a-e19e-4442-80bd-0adf48cea708/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
not packed
Botnet:
unknown
Number of open files:
7
Number of processes launched:
1
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/8b84536371d1d07296f8fbe58c735abedfffc56bdba56b57cac935f5efc6d50d
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-11-13T05:40:00Z UTC
Last seen:
2025-11-13T06:41:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/8b84536371d1d07296f8fbe58c735abedfffc56bdba56b57cac935f5efc6d50d/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/505e2b78-f8c7-42ab-990c-b580c71f3799
Behavior Graph:
Download SVG
%3 guuid=828274f9-1800-0000-08c0-b7a1bf0d0000 pid=3519 /usr/bin/sudo guuid=af8fd2fc-1800-0000-08c0-b7a1c30d0000 pid=3523 /tmp/sample.bin guuid=828274f9-1800-0000-08c0-b7a1bf0d0000 pid=3519->guuid=af8fd2fc-1800-0000-08c0-b7a1c30d0000 pid=3523 execve
Gathering data
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1813154
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/8b84536371d1d07296f8fbe58c735abedfffc56bdba56b57cac935f5efc6d50d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8b84536371d1d07296f8fbe58c735abedfffc56bdba56b57cac935f5efc6d50d/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-11-13 07:14:19 UTC
File Type:
ELF32 Little (Exe)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rocfgy3r2hihffxy7psyy422x3p77rll3oswwv6kze27l36g2ugq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai
Link:
https://tria.ge/reports/251113-h2svpsxmgy/
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-10017641-0
YARA:
n/a
Link:
https://app.threat.zone/submission/49a9be9e-04bc-47dd-bd76-d9cceb1b75b4
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8b84536371d1d07296f8fbe58c735abedfffc56bdba56b57cac935f5efc6d50d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 76837ee899180d1174e22424fa56c7efa1b5bb3777f537cba773b13bf6263a34

Mirai

elf 8b84536371d1d07296f8fbe58c735abedfffc56bdba56b57cac935f5efc6d50d

(this sample)

  
Dropped by
SHA256 76837ee899180d1174e22424fa56c7efa1b5bb3777f537cba773b13bf6263a34
  
URLhaus
https://urlhaus.abuse.ch/url/3693005/
  
Delivery method
Distributed via web download
  
Dropped by
MD5 685d2f464052bb5d312cb280640e3339

Comments