MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf6fd74ab76d0db364ed7fa07a847f285aafb6f591d7dc466f7a3787eb6c8433. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf6fd74ab76d0db364ed7fa07a847f285aafb6f591d7dc466f7a3787eb6c8433
SHA3-384 hash: a34de6af42aca351f42dbb07862722006446c01ad18ea4c8d0b632d829766956c7a2e87c63ae75100cc35d7676b777d3
SHA1 hash: 2aa7ba0245ba3f8274f8f5218401888fbce13b18
MD5 hash: 06cde1f982a9f96ea5163fd866c84a71
humanhash: cold-zulu-jig-muppet
File name:fuckunix.arm6
Download: download sample
Signature Mirai
Create hunting rule
File size:68'284 bytes
First seen:2025-01-04 13:21:44 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:t/nOQaCTYOgTBo3quozK+MaYjjTQ1M5iOV5l3ZmOb+10mS:1a0Y5toyW+BY5V5l3ZmOe
TLSH T130631856F8818F15C4D502BAFE1E154E371717E8E2DFB2139E206F603B8A56B0E2BD16
telfhash t14701c2509e894ddd33b58e9882dd377f35463856ed163c23456bbf0987078e3a005437
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.28880.LC.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.28886.LC.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.28959.LC.UNOFFICIAL
Create hunting rule

Unix.Dropper.Mirai-7136013-0
Create hunting rule

Unix.Trojan.Mirai-8025795-0
Create hunting rule

Unix.Trojan.Mirai-9441505-0
Create hunting rule

Unix.Trojan.Mirai-9858729-0
Create hunting rule

Unix.Trojan.Mirai-9950762-0
Create hunting rule

Unix.Trojan.Mirai-10011027-0
Create hunting rule

Unix.Trojan.Mirai-10011918-0
Create hunting rule

Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=677937761ada70779827149clinux22vpnfull_triage
Tags:
gafgyt mirai ddos
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug masquerade obfuscated
Link:
https://www.filescan.io/uploads/67793606ff386d894907745c/reports/27983501-1541-45dc-a89a-ff7058e71b32/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/bf6fd74ab76d0db364ed7fa07a847f285aafb6f591d7dc466f7a3787eb6c8433
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7dab3985-8e55-45d4-89e1-dd171ab7c4ca
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1584147
Signature
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/bf6fd74ab76d0db364ed7fa07a847f285aafb6f591d7dc466f7a3787eb6c8433
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/bf6fd74ab76d0db364ed7fa07a847f285aafb6f591d7dc466f7a3787eb6c8433/
Threat name:
Linux.Backdoor.Bushido
Create hunting rule
Status:
Malicious
First seen:
2025-01-04 13:22:11 UTC
File Type:
ELF32 Little (Exe)
AV detection:
25 of 38 (65.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x5x5osvxnug3gzhnp6qhvbd7fbnk7nxvshl5yrtppi3yp23mqqzq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:condi
Link:
https://tria.ge/reports/250104-ql8j8atlaj/
Malware Config
C2 Extraction:
lemonsmp.work.gd
report.condinet.cf
Verdict:
Malicious
Tags:
trojan gafgyt Unix.Dropper.Mirai-7136013-0
YARA:
Linux_Trojan_Gafgyt_28a2fe0c Linux_Gafgyt_May_2024
Link:
https://app.threat.zone/submission/9c5cf19d-b7e2-4493-84a8-eacea53dbbc1
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bf6fd74ab76d0db364ed7fa07a847f285aafb6f591d7dc466f7a3787eb6c8433

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf bf6fd74ab76d0db364ed7fa07a847f285aafb6f591d7dc466f7a3787eb6c8433

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3388562/
  
Delivery method
Distributed via web download

Comments