MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2d5b05659726d788cbfdcb8585f645096f816a65e39e5e3230c030ea1e628c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AISURU

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	c2d5b05659726d788cbfdcb8585f645096f816a65e39e5e3230c030ea1e628c9
SHA3-384 hash:	6ec636a4aae6d62bc8d4f40a8e1a83a3fb223c9ab3543d578afdd4046edb5f1407b6e6ef16dc127927c9f938b65a8c70
SHA1 hash:	b48664e9ea3a3734f974a4da29af506c4f7e4759
MD5 hash:	bc5bf4d8b369eef9510d3c86867ef5af
humanhash:	south-indigo-salami-mars
File name:	i686
Download:	download sample
Signature	AISURU Create hunting rule
File size:	153'232 bytes
First seen:	2025-12-02 06:32:26 UTC
Last seen:	2025-12-02 08:31:19 UTC
File type:	elf
MIME type:	application/x-sharedlib
ssdeep	3072:KccaOEi32Ntqb20sGNM6bZHzyarj8VsUI/moQbpu5VD:GEi3KtYwKbpljW3a5VD
TLSH	T15BE36A55F797C0F0F3A381B6002AD3B76A7488119226F1D5FF893B31B836616AD1A39D
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	aisuru elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.ELF.Mirai-CQT.79362742.UNOFFICIAL

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

rust

Link:

https://www.filescan.io/uploads/692e88303cf0944cdda8b0ce/reports/f9db8408-2081-428f-8f12-3abb98f35e18/overview

Result

Gathering data

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/09b08052-3997-424b-a3f2-64d19e2bf45c

Result

Threat name:

n/a

Detection:

malicious

Classification:

spyw

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1824180

Signature

Antivirus / Scanner detection for submitted sample

Opens /sys/class/net/* files useful for querying network interface information

Suricata IDS alerts for network traffic

Behaviour

Behavior Graph:

Download SVG

Score:

94%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/c2d5b05659726d788cbfdcb8585f645096f816a65e39e5e3230c030ea1e628c9

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c2d5b05659726d788cbfdcb8585f645096f816a65e39e5e3230c030ea1e628c9/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-12-02 06:24:13 UTC

File Type:

ELF32 Little (SO)

AV detection:

1 of 36 (2.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ylk3avszojwxrdf73s4fqx3ekclpqfvgly46lyzdbqbq5ipgfdeq._file

Result

Malware family:

n/a

Score:

6/10

Tags:

defense_evasion discovery linux

Link:

https://tria.ge/reports/251202-hbaw7scn8z/

Behaviour

Enumerates kernel/hardware configuration

Reads runtime system information

Changes its process name

Enumerates running processes

Reads MAC address of network interface

Reads network interface configuration

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/e43e02c3-c668-4c8f-912d-448cbac54007

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.29

Link:

https://yomi.yoroi.company/submissions/c2d5b05659726d788cbfdcb8585f645096f816a65e39e5e3230c030ea1e628c9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AISURU

elf c2d5b05659726d788cbfdcb8585f645096f816a65e39e5e3230c030ea1e628c9

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3722954/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample