MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7aea615f215e8ff1fd5757bc2e76c087ef6f2d5795890435d4ab660bc664a18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b7aea615f215e8ff1fd5757bc2e76c087ef6f2d5795890435d4ab660bc664a18
SHA3-384 hash: 75a617574f06f0b21c382936a0119416dda9f9c3c1c93d07d95a70107c6de06a0956d83b9d26afeb96b8fa89b6f71446
SHA1 hash: adeebd6b099c3496b0e2fbae69270bb0988807e0
MD5 hash: cb4805ff5bdb86074fc42f4bb884bff4
humanhash: harry-maryland-high-floor
File name:mips
Download: download sample
Signature Mirai
Create hunting rule
File size:43'504 bytes
First seen:2025-07-30 21:02:07 UTC
Last seen:2025-07-30 22:15:57 UTC
File type: elf
MIME type:application/x-executable
ssdeep 768:45notmfZHHzGP/wsgN1+u+afetNwc3Y/bKh9Oekl1m2JgGlzDpGO+f:8xHqXwuuRfe7wc3as4l1miVGf
TLSH T11913F2BCA72890DAF071847839375F604578076BEB9FBD45164BCA918A0ABC1647EFCC
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
3
# of downloads :
25
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ELF.Agent-BQZ.8443972958.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Opens a port
Sends data to a server
Creating a file
Receives data from a server
Collects information on the CPU
Connection attempt
DNS request
Kills processes
Runs as daemon
Substitutes an application name
Performs a bruteforce attack in the network
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
true
Architecture:
mips
Packer:
custom
Botnet:
unknown
Number of open files:
18
Number of processes launched:
5
Processes remaning?
true
Remote TCP ports scanned:
23
Full report:
https://elfdigest.com/brief/b7aea615f215e8ff1fd5757bc2e76c087ef6f2d5795890435d4ab660bc664a18
Behaviour
Anti-VM
Process Renaming
Information Gathering
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/9210f046-51ce-4456-998f-0be3c37de60a
Behavior Graph:
Download SVG
%3 guuid=deae6def-1900-0000-f046-d9650f0b0000 pid=2831 /usr/bin/sudo guuid=78b5c5f1-1900-0000-f046-d965150b0000 pid=2837 /tmp/sample.bin guuid=deae6def-1900-0000-f046-d9650f0b0000 pid=2831->guuid=78b5c5f1-1900-0000-f046-d965150b0000 pid=2837 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b4e4224b-4e3a-4d81-8b0d-d238b0193945
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
spre.troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1747341
Signature
Connects to many ports of the same IP (likely port scanning)
Sample tries to kill multiple processes (SIGKILL)
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1747341 Sample: mips.elf Startdate: 30/07/2025 Architecture: LINUX Score: 64 25 bootaa.anondns.net 45.135.194.32, 37214, 48822 SKYLINKCZ Germany 2->25 27 51.148.128.90, 23 ZEN-ASZenInternet-UKGB United Kingdom 2->27 29 35 other IPs or domains 2->29 33 Yara detected Mirai 2->33 35 Connects to many ports of the same IP (likely port scanning) 2->35 8 mips.elf 2->8         started        10 xfce4-session xfwm4 2->10         started        12 xfce4-session xfdesktop 2->12         started        14 11 other processes 2->14 signatures3 process4 process5 16 mips.elf 8->16         started        process6 18 mips.elf 16->18         started        21 mips.elf 16->21         started        23 mips.elf 16->23         started        signatures7 31 Sample tries to kill multiple processes (SIGKILL) 18->31
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/b7aea615f215e8ff1fd5757bc2e76c087ef6f2d5795890435d4ab660bc664a18
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b7aea615f215e8ff1fd5757bc2e76c087ef6f2d5795890435d4ab660bc664a18/
Verdict:
Malicious
Threat:
HEUR:Backdoor.Linux.Mirai
Link:
https://tip.neiki.dev/file/b7aea615f215e8ff1fd5757bc2e76c087ef6f2d5795890435d4ab660bc664a18
Threat name:
Linux.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2025-07-30 21:02:15 UTC
File Type:
ELF32 Big (Exe)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=w6xkmfpscxup6h6vov54fz3mbb7pn4wvpfmjaq25jk3gbpdgjima._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250730-zvh6cswrz9/
Behaviour
System Network Configuration Discovery
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/65340f12-ee10-4cdd-bd27-4f307cbc369e
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b7aea615f215e8ff1fd5757bc2e76c087ef6f2d5795890435d4ab660bc664a18

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:upx_antiunpack_elf32
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:UPX Anti-Unpacking technique to magic renamed for ELF32

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 0bebd64f8b78c590081a36863b5bae3dc1eb78586add384c99e93ef75b181943

Mirai

elf b7aea615f215e8ff1fd5757bc2e76c087ef6f2d5795890435d4ab660bc664a18

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3593219/
  
Delivery method
Distributed via web download
  
Dropped by
SHA256 0bebd64f8b78c590081a36863b5bae3dc1eb78586add384c99e93ef75b181943
  
Dropped by
MD5 3686a8a87a54aa29650d5b909f894842
  
Dropped by
SHA256 780834d106c16b49a785185eaf98e5b3dc6ef78cb009877b3b7b590a8d185812
  
Dropped by
MD5 3d11a37594a6c3c48dd8e8ccd88ea328
  
Dropped by
SHA256 e4cecac9aa59e179ec2381da2e8a5120ae7cc4b91d89d540cdf138c8d9eb4251
  
Dropped by
MD5 4a38eabaaea4c66bee75cbe0de12f137
  
URLhaus
https://urlhaus.abuse.ch/url/3594264/
  
URLhaus
https://urlhaus.abuse.ch/url/3594267/
  
URLhaus
https://urlhaus.abuse.ch/url/3594266/
  
Dropped by
SHA256 59b532d83e376155728094967532f0e9ed02cf39f107b706fa4a9887c337adc4
  
Dropped by
MD5 7e8cbf7be9c6933d0bf02e7f0c07b447

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments