MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2980ef85d9795946eb269e6dde1c06c3de2fb7f0870da1064c43a44f09d3936. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 15



SHA256 hash: b2980ef85d9795946eb269e6dde1c06c3de2fb7f0870da1064c43a44f09d3936
SHA3-384 hash: 89baf78c5f1a5541338df0d14f54faaa6ef31045adf823c767bc6f4ddb128571621e7a9e0e2ec23c5efc33fd3271b2fa
SHA1 hash: 033f040f8e382d484a001cdd8ff9e986487d6d02
MD5 hash: e746fd26d6fb951edcad797152e9fcdc
humanhash: blossom-seventeen-utah-romeo
File name: morte.x86
Signature Mirai
File size: 111'892 bytes
First seen: 2025-11-07 17:08:21 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep 1536:prdNVah++LCCJm6ODk1fs35bx1gIFRYxFN9OZS1/ABr:LvahLbEk1E3pg0gF0r
TLSH T133B35BC1A5C3C4F9E903403A20B3A77BD972D8392138DD53C7E89F77A92E681C44A66D
telfhash t10531f1b6f2a30cedabd09813a55e27309d0dfa7f78702bf904f168253672540513ac39
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags: elf mirai upx-dec


abuse_ch
UPX decompressed file, sourced from SHA256 fa7488e9236ecc7f5f47b2bc730f6ac745768dde9bd681d70fd9581e95b949d1
File size (compressed): 47'216 bytes
File size (de-compressed): 111'892 bytes
Format: linux/i386
Packed file: fa7488e9236ecc7f5f47b2bc730f6ac745768dde9bd681d70fd9581e95b949d1

Intelligence


File Origin
# of uploads :
1
# of downloads :
47
Origin country :
NL
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
DNS request
Runs as daemon
Opens a port
Performs a bruteforce attack in the network
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
masquerade mirai obfuscated
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
not packed
Botnet:
unknown
Number of open files:
47
Number of processes launched:
8
Processes remaining?:
false
Remote TCP ports scanned:
8888,8080,8081,80,9527,5000,23,37215,22,52869,81
Behaviour
Information Gathering
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-11-07T14:24:00Z UTC
Last seen:
2025-11-09T12:01:00Z UTC
Hits:
~10
Detections:
HEUR:Backdoor.Linux.Gafgyt.bj HEUR:Exploit.Linux.CVE-2018-10561.a HEUR:Backdoor.Linux.Mirai.r HEUR:Backdoor.Linux.Mirai.b HEUR:Backdoor.Linux.Gafgyt.bl
Status:
terminated
Behavior Graph:
Result
Threat name:
Detection:
malicious
Classification:
troj
Score:
76 / 100
Signature
Antivirus / Scanner detection for submitted sample
Connects to many ports of the same IP (likely port scanning)
Malicious sample detected (through community Yara rule)
Uses dynamic DNS services
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph:
Threat name:
Linux.Backdoor.Mirai
Status:
Malicious
First seen:
2025-11-07 17:09:19 UTC
File Type:
ELF32 Little (Exe)
AV detection:
22 of 37 (59.46%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:mirai defense_evasion discovery linux
Behaviour
Reads runtime system information
Enumerates running processes
Writes file to system bin folder
Modifies Watchdog functionality
Malware Config
C2 Extraction:
mortex.duckdns.org
Verdict:
Malicious
Tags:
trojan mirai gafgyt Unix.Trojan.Mirai-7100807-0
YARA:
Linux_Trojan_Gafgyt_5bf62ce4 Linux_Trojan_Mirai_fa3ad9d0 Linux_Trojan_Mirai_b14f4c5d Linux_Trojan_Mirai_93fc3657 Linux_Trojan_Mirai_804f8e7c Linux_Trojan_Mirai_99d78950 Linux_Trojan_Mirai_aa39fb02 Linux_Trojan_Mirai_a68e498c Linux_Trojan_Mirai_88de437f Linux_Trojan_Mirai_ae9d0fa6 Linux_Trojan_Mirai_389ee3e9 Linux_Trojan_Mirai_cc93863b Linux_Trojan_Mirai_8aa7b5d3
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ELF_Mirai
Author:NDA0E
Description:Detects multiple Mirai variants
Rule name:Linux_Generic_Threat_1ac392ca
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_5bf62ce4
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_389ee3e9
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_804f8e7c
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_88de437f
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_8aa7b5d3
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_93fc3657
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_99d78950
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_a68e498c
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_aa39fb02
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_ae9d0fa6
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_b14f4c5d
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_cc93863b
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_fa3ad9d0
Author:Elastic Security
Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf b2980ef85d9795946eb269e6dde1c06c3de2fb7f0870da1064c43a44f09d3936

(this sample)

Delivery method
Distributed via web download

Comments