MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e513a071372e653297deaa0814430f3c92b713c28aa668d2e8144d7f0f7949b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 12



SHA256 hash: 9e513a071372e653297deaa0814430f3c92b713c28aa668d2e8144d7f0f7949b
SHA3-384 hash: f04bea2cb37c85eab3f8edaf4e913160756869c8ccfb1e5426915d7723e74ac1fd7dbe7ede83c62d624f524241aa1568
SHA1 hash: 501744513931b17a9c0f83d236d4fed553fc632f
MD5 hash: f5f3ba8217609b2519f0d9c628e96b6c
humanhash: chicken-blue-single-don
File name: Owari.spc
Signature: Mirai
File size: 59'828 bytes
First seen: 2025-02-16 15:51:48 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:PaobQ3Qfq99aCWNvzsXWJyaE36WsYP2M94ddlAv/FqO+2UrFS:PaKQ3QfS9aCWNvzo2yH36vYZxF4PS
TLSH: T1A8431925AD792E26C0D8A57E51F7C214F2E2620E25F4C65E3C720E4EFF04B4069677BA
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: DE
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: android masquerade mirai
Result
Verdict: MALICIOUS
Result
Threat name: n/a
Detection: malicious
Classification: spre
Score: 52 / 100
Signature
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Behaviour
Behavior Graph:
[Behavior graph, ID 1616374. Sample: Owari.spc.elf; Startdate: 16/02/2025; Architecture: LINUX; Score: 52. Network nodes: 197.191.111.185, 23 (zain-asGH, Ghana); 110.41.152.87, 23 (YLWLBeijingYunlinNetworkTechnologyCoLtdCN, China); 98 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Sample tries to kill multiple processes (SIGKILL). Process tree: Owari.spc.elf starts further Owari.spc.elf child processes over several generations.]
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2025-02-11 17:08:28 UTC
File Type: ELF32 Big (Exe)
AV detection: 25 of 37 (67.57%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:owari linux
Verdict: Malicious
Tags: Unix.Dropper.Mirai-7135890-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 9e513a071372e653297deaa0814430f3c92b713c28aa668d2e8144d7f0f7949b

(this sample)

  
Delivery method
Distributed via web download
