MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4fdffa36b13e3742a38317302b552e0142055d028e43ef4ccbbdbfa0b208342. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 13


Intelligence 13 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4fdffa36b13e3742a38317302b552e0142055d028e43ef4ccbbdbfa0b208342
SHA3-384 hash: babca375793ddb75d9c819f59701046cf27dd1fab17c8a4bdd95e29c508a834729cc3a7c46157aceda4c2f2b85ada3ef
SHA1 hash: 7ad86eca244b54526fd7a7524f78146e69b36954
MD5 hash: 57ce2d6d9e92ee00cea4f536749dbef2
humanhash: mike-golf-quiet-romeo
File name:sora.x86
Download: download sample
Signature Mirai
Create hunting rule
File size:28'048 bytes
First seen:2025-09-03 10:06:52 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 384:Mg1DMwk8JPyGnT8WyopNEutTneSe3oECHjYlQ2NnE4+0o8tm3HWBKENAZHcNtQgL:RMwxdyoEUnDz+Y8tqHWXm8vV0Ny
TLSH T1BCC2F1BF76995A2BFA18233DF435C11B03A4F51CA79D6B9723404432E95E42D7532CC8
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai UPX
File size (compressed) :28'048 bytes
File size (de-compressed) :62'224 bytes
Format:linux/i386
Unpacked file: 69686e8bf43a819672b68eae60b8e7fd2ffe63d1b77a49905313d8cf79da419d

Intelligence

File Origin
# of uploads :
1
# of downloads :
41
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Mirai-63.UNOFFICIAL
Create hunting rule

Unix.Trojan.Mirai-9955978-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
masquerade packed threat upx
Link:
https://www.filescan.io/uploads/68b813b139a6221faa7c5026/reports/8b733358-204e-4e2b-ba30-6633df3305da/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
UPX
Botnet:
38.162.114.77:80/bins
Number of open files:
0
Number of processes launched:
1
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/c4fdffa36b13e3742a38317302b552e0142055d028e43ef4ccbbdbfa0b208342
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-09-03T07:37:00Z UTC
Last seen:
2025-09-03T07:37:00Z UTC
Hits:
~10
Detections:
HEUR:Backdoor.Linux.Mirai.r HEUR:Backdoor.Linux.Mirai.ba HEUR:Backdoor.Linux.Mirai.b
Link:
https://opentip.kaspersky.com/c4fdffa36b13e3742a38317302b552e0142055d028e43ef4ccbbdbfa0b208342/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/8790216c-e32a-417c-8f95-538b6f6d2a57
Behavior Graph:
Download SVG
%3 guuid=362427d7-1900-0000-eb79-879565090000 pid=2405 /usr/bin/sudo guuid=1877c5da-1900-0000-eb79-87956f090000 pid=2415 /tmp/sample.bin net guuid=362427d7-1900-0000-eb79-879565090000 pid=2405->guuid=1877c5da-1900-0000-eb79-87956f090000 pid=2415 execve 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=1877c5da-1900-0000-eb79-87956f090000 pid=2415->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/612ed9d0-c0d0-4c4a-bd1e-42d273a4f40a
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1770276
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/c4fdffa36b13e3742a38317302b552e0142055d028e43ef4ccbbdbfa0b208342
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/c4fdffa36b13e3742a38317302b552e0142055d028e43ef4ccbbdbfa0b208342/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/c4fdffa36b13e3742a38317302b552e0142055d028e43ef4ccbbdbfa0b208342
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-09-03 10:09:35 UTC
File Type:
ELF32 Little (Exe)
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yt677i3lcprxikrygfzqfnks4akcavoqfdsd55gmxpn7uczaqnba._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:sora botnet linux upx
Link:
https://tria.ge/reports/250903-l6gvsayvcs/
Behaviour
Mirai
Mirai family
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-9955978-0
YARA:
n/a
Link:
https://app.threat.zone/submission/c13c5f76-e99f-4a60-9911-a6b5f23657f7
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c4fdffa36b13e3742a38317302b552e0142055d028e43ef4ccbbdbfa0b208342

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh a0c8570dde73fc647c8a7d6cb0b1ac0585ec065b01c91223402e91844a1fea5c

Mirai

elf c4fdffa36b13e3742a38317302b552e0142055d028e43ef4ccbbdbfa0b208342

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3616189/
  
Delivery method
Distributed via web download
  
Dropped by
SHA256 a0c8570dde73fc647c8a7d6cb0b1ac0585ec065b01c91223402e91844a1fea5c
  
Dropped by
MD5 f4fc465c51df332218cbb99851fed510
  
Dropped by
SHA256 74978cdddaeaae0046dda0e546258ca888345a93afa08425c9990da4f7282bd8
  
Dropped by
MD5 bf1d1f2ae9015c8822cc04694cdfa08d
  
Dropped by
SHA256 f233f77247bef987f907ba7fcd2e299ab754cd065a564fa7d86c8951eae17f24
  
Dropped by
MD5 345f78e3251184507794e29f71d1624b
  
Dropped by
SHA256 4c7fb62cb903bc202b55e5de415793baa4b570da0aa1502e453a6885eed8724d
  
Dropped by
MD5 7d594db66dec89ddcb84d51da11eb3b0
  
Dropped by
SHA256 2bf0834408e35ab95c81c6248522cc96c9e18cb125dad7d9b925928ce055cbb3
  
Dropped by
MD5 927a7a9cb65a83d44df8bdce130cfc63
  
Dropped by
SHA256 7fd3aa653ece26c81e94f042ee6b85cfcd04a4bcfc2f4b097ee673b8635fc2ae
  
Dropped by
MD5 b2fcc000f58f0e43fdaf5d3513fd83cf
  
Dropped by
SHA256 e19e787e4f61db39f7c388070f54b00a47281bade9e9ec1a72884675ad618ac4
  
Dropped by
MD5 024dd5764d8a7e18f4e3074d23efdecb
  
Dropped by
SHA256 d71825d1cc73dbcc582f0b75e00b9f3457217b421dd503ed7bfd4643d68cac58
  
Dropped by
MD5 6777da52673377a9b9762994e5132418
  
Dropped by
SHA256 b27aad23252de85b0566d31285765769f3e0d8c9a0e489e07bf9e6b8c971c0f9
  
Dropped by
MD5 433fee532b4ec7f009830d243294a91f
  
Dropped by
SHA256 4380db13717e531fa7dd7ecdd4dce7833d5cbf1ff1a0a1dc75ae8ef755a1228f
  
Dropped by
MD5 1567db413307908e7f6910eb3d76cfaa
  
Dropped by
SHA256 4c388161249ed192e84cb9a7c098a578359f0212f4309f445730a1ea439bccd4
  
Dropped by
MD5 08e47147002629ce1849467309f4008a
  
Dropped by
SHA256 f604101df9ff20d7c9cda753ce665e059b3943fd1dfb28a793995769ae1edf87
  
Dropped by
MD5 5907540ba6fdec8a3ccc02764299cff4
  
Dropped by
SHA256 a6a3fd1ae2ad5224205d5b3b349a7593c588b4a9355a39eec6756d6066a40c06
  
Dropped by
MD5 30fa4aca8906b1c21e43804a82d53474

Comments