MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab0ff82365a8a88563c7f7bb02786f65115e66147c3c89a16e2f7423c4e727bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab0ff82365a8a88563c7f7bb02786f65115e66147c3c89a16e2f7423c4e727bf
SHA3-384 hash: f05f30b2c597aa45beb3a80be4eb3af25ca9da77ddf6f317e57cddf304b65aa1a6fef21358c30ae4c9a84664e3998d3c
SHA1 hash: 141e7c768d386322349e7904807e455cf7c3e4dc
MD5 hash: ec7181675ea614252918529ed00c635a
humanhash: november-neptune-golf-pasta
File name:xnxnxnxnxnxnxnxnaarch64xnxn
Download: download sample
Signature Mirai
Create hunting rule
File size:197'496 bytes
First seen:2026-02-21 07:08:24 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 3072:M+I3QMYViYWIZIEdH+zIsiq6LiX26tXNFzPxo56:M4GIZIEdHSci5bI6
TLSH T17E148D68FE4F6CD1D2C6E37DAE4A0FA231277C748566C0B51A00A39FD5EEED48891613
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 4034d3c1d40097edcfda1c7f97ff057dc11b8dc2f25a16e53bc2122cb6af07ae
File size (compressed) :73'964 bytes
File size (de-compressed) :197'496 bytes
Format:linux/arm64
Packed file: 4034d3c1d40097edcfda1c7f97ff057dc11b8dc2f25a16e53bc2122cb6af07ae

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
NL NL
Vendor Threat Intelligence
No detections
Detection(s):
Unix.Virus.Ladvix-10013865-0
Create hunting rule

Unix.Trojan.Mirai-10056451-0
Create hunting rule

Unix.Trojan.Mirai-10058917-0
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm anti-vm bashlite gafgyt mirai rust virus
Link:
https://www.filescan.io/uploads/69995a1c97feb4afd6504db8/reports/a9222cb2-5782-4e1c-af04-3bb642ab1d11/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/ab0ff82365a8a88563c7f7bb02786f65115e66147c3c89a16e2f7423c4e727bf
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Gathering data
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/169fc045-6027-42bf-b32d-5a97c359ad23
Behavior Graph:
Download SVG
%3 guuid=582c84ba-1800-0000-6dcb-280c5c0e0000 pid=3676 /usr/bin/sudo guuid=e1dd73bc-1800-0000-6dcb-280c620e0000 pid=3682 /tmp/sample.bin guuid=582c84ba-1800-0000-6dcb-280c5c0e0000 pid=3676->guuid=e1dd73bc-1800-0000-6dcb-280c620e0000 pid=3682 execve
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/39518c0c-4505-44b2-9f90-6b9b99abdf7a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/ab0ff82365a8a88563c7f7bb02786f65115e66147c3c89a16e2f7423c4e727bf
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/ab0ff82365a8a88563c7f7bb02786f65115e66147c3c89a16e2f7423c4e727bf/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vmh7qi3fvcuiky6h665qe6dpmuiv4zqupq6itilof52chrhhe67q._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260221-hyya1scz5a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ab0ff82365a8a88563c7f7bb02786f65115e66147c3c89a16e2f7423c4e727bf

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6079ea25296385cfe96350ee7430c77b8c2fcf765bd0e9934b88ab664380fa65

Mirai

elf 4034d3c1d40097edcfda1c7f97ff057dc11b8dc2f25a16e53bc2122cb6af07ae

Mirai

elf ab0ff82365a8a88563c7f7bb02786f65115e66147c3c89a16e2f7423c4e727bf

(this sample)

  
Dropped by
SHA256 4034d3c1d40097edcfda1c7f97ff057dc11b8dc2f25a16e53bc2122cb6af07ae
  
URLhaus
https://urlhaus.abuse.ch/url/3776245/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3776277/
  
Dropped by
MD5 d06990b93bf7a3be666851f656cacc0d
  
URLhaus
https://urlhaus.abuse.ch/url/3776248/
  
URLhaus
https://urlhaus.abuse.ch/url/3776278/
  
URLhaus
https://urlhaus.abuse.ch/url/3774578/
  
URLhaus
https://urlhaus.abuse.ch/url/3782384/

Comments