MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0c072c5c3dee6d5b1b48815d6a8e1ed34d447c98e6ec344e6cbed193179adfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0c072c5c3dee6d5b1b48815d6a8e1ed34d447c98e6ec344e6cbed193179adfe
SHA3-384 hash: a703d04c093a99d3619dccc9a6a18ea7c082316cf988f1b30c11503e643bf3c5f36074b2f1dcf64eab04e367c4b2553a
SHA1 hash: 4e98124e55c2dbb05a03d18ac329e71693ac81c4
MD5 hash: 8d0e86539346e924328d4498c8716e19
humanhash: wolfram-vegan-arkansas-seven
File name:xnxnxnxnxnxnxnxnmipsxnxn
Download: download sample
Signature Mirai
Create hunting rule
File size:74'740 bytes
First seen:2025-12-31 18:16:14 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:Lx9QNLUDIJX4bvh/jt2oAnBPowEtYO7d7Tarpaw6tiKFUorY:L4NAMJX4FEoABPoJOOlaD6tiKuSY
TLSH T1F3730139B0EB6BB0D90A53B2492EDDF09807D78563988560C584D2E46FF26AA3D7DA01
Magika elf
Reporter abuse_ch
Tags:elf mirai UPX
File size (compressed) :74'740 bytes
File size (de-compressed) :166'912 bytes
Format:linux/mips
Unpacked file: cd349ffb5971b9954e9cb7331c55415d8205c158d8287b66306202d3921c4bd2

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/5750a56d-4cde-4a61-a96d-b853aa5b3565/
Detection(s):
SecuriteInfo.com.ELF.Agent-BQZ.UNOFFICIAL
Create hunting rule

Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
anti-vm gafgyt mirai packed upx
Link:
https://www.filescan.io/uploads/695568722fb7bb52ca83938e/reports/54c9f6e6-0ab8-4a67-a204-bb7fadde573e/overview
Verdict:
Malicious
File Type:
elf.32.be
First seen:
2025-12-31T15:34:00Z UTC
Last seen:
2025-12-31T15:49:00Z UTC
Hits:
~10
Detections:
HEUR:Backdoor.Linux.Gafgyt.ix
Link:
https://opentip.kaspersky.com/a0c072c5c3dee6d5b1b48815d6a8e1ed34d447c98e6ec344e6cbed193179adfe/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/b60f28f4-2359-48a9-b748-aadd9488dea8
Behavior Graph:
Download SVG
%3 guuid=9c06c889-1800-0000-26c1-6c0d7c0a0000 pid=2684 /usr/bin/sudo guuid=c8f17d8b-1800-0000-26c1-6c0d820a0000 pid=2690 /tmp/sample.bin guuid=9c06c889-1800-0000-26c1-6c0d7c0a0000 pid=2684->guuid=c8f17d8b-1800-0000-26c1-6c0d820a0000 pid=2690 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f50502fa-1224-4fad-9fdd-cf1c826c7681
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1842748
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/a0c072c5c3dee6d5b1b48815d6a8e1ed34d447c98e6ec344e6cbed193179adfe
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0c072c5c3dee6d5b1b48815d6a8e1ed34d447c98e6ec344e6cbed193179adfe/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/a0c072c5c3dee6d5b1b48815d6a8e1ed34d447c98e6ec344e6cbed193179adfe
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-12-31 18:17:20 UTC
File Type:
ELF32 Big (Exe)
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=udahfrod33tnlmnurak5nkhb5u2nir6jrzxmgrhgzpwrsmlzvx7a._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
antivm discovery upx
Link:
https://tria.ge/reports/251231-wwpgzswmck/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Reads system network configuration
Checks hardware identifiers (DMI)
Enumerates active TCP sockets
Enumerates running processes
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/85c65859-b045-43d3-aa0f-2b5c6ecb12f0
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a0c072c5c3dee6d5b1b48815d6a8e1ed34d447c98e6ec344e6cbed193179adfe

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf a0c072c5c3dee6d5b1b48815d6a8e1ed34d447c98e6ec344e6cbed193179adfe

(this sample)

Mirai

elf cd349ffb5971b9954e9cb7331c55415d8205c158d8287b66306202d3921c4bd2

  
URLhaus
https://urlhaus.abuse.ch/url/3696649/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 cd349ffb5971b9954e9cb7331c55415d8205c158d8287b66306202d3921c4bd2
  
Dropping
MD5 9bd100ef65b6ee367841f56fe59a836a
  
URLhaus
https://urlhaus.abuse.ch/url/3739935/

Comments