MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c788f45975abbd90f11929b3e124b32037f70565bd9050a09cad55e9febc0b26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c788f45975abbd90f11929b3e124b32037f70565bd9050a09cad55e9febc0b26
SHA3-384 hash: 6613151d8c59c8b4b3dc31986b2f6c2abffcadafd771d3ccc8d9e5570c1e149d99061c9248671ba8d9a768b80737fcef
SHA1 hash: 21a990f54cc16088325c8d94c25f1b6ccdf960b8
MD5 hash: 4b0083f977483a9252f478d51bb3b37c
humanhash: bakerloo-ceiling-louisiana-twelve
File name:sh4
Download: download sample
Signature Mirai
Create hunting rule
File size:96'540 bytes
First seen:2025-03-28 03:12:19 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:GXPhaEPxfQO9PklIfMm6/rIHwJodPdW/AqyenHO0jsns9XIHfNWCr:GftxfQOSiySr51enC
TLSH T17E93AF21F824BC9BCC1D19F5F4B4CA7A17129DA140821EB79DAEF17004A7EC9F54DB68
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.31075.LX.BOT.UNOFFICIAL
Create hunting rule

Unix.Trojan.Mirai-9885259-0
Create hunting rule

Unix.Trojan.Gafgyt-9940653-0
Create hunting rule

Unix.Trojan.Mirai-9951089-0
Create hunting rule

Unix.Trojan.Gafgyt-6735924-0
Create hunting rule

Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67e614564467dac6354e2e30linux22vpnfull_triage
Tags:
n/a
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
expand lolbin remote
Link:
https://www.filescan.io/uploads/67e613cbf274bf2d8e268b5c/reports/7dc67bea-6d19-4275-8607-e46f8b188ba8/overview
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/98ca1fa3-ff23-40f2-b183-49e5d15d7173
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1650815
Signature
Multi AV Scanner detection for submitted file
Sample reads /proc/mounts (often used for finding a writable filesystem)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1650815 Sample: sh4.elf Startdate: 28/03/2025 Architecture: LINUX Score: 52 12 daisy.ubuntu.com 2->12 14 Multi AV Scanner detection for submitted file 2->14 7 sh4.elf 2->7         started        signatures3 process4 signatures5 16 Sample reads /proc/mounts (often used for finding a writable filesystem) 7->16 10 sh4.elf 7->10         started        process6
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/c788f45975abbd90f11929b3e124b32037f70565bd9050a09cad55e9febc0b26
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c788f45975abbd90f11929b3e124b32037f70565bd9050a09cad55e9febc0b26/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-03-28 03:13:17 UTC
File Type:
ELF32 Little (Exe)
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y6epiwlvvo6zb4izfgz6cjftea37oblfxwifbie4vvk6t7v4bmta._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/250328-dqsy4stjx9/
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-9885259-0
YARA:
n/a
Link:
https://app.threat.zone/submission/4c8191d6-8366-494d-bc2b-af43dc1efe9e
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c788f45975abbd90f11929b3e124b32037f70565bd9050a09cad55e9febc0b26

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf c788f45975abbd90f11929b3e124b32037f70565bd9050a09cad55e9febc0b26

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3469545/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3469552/

Comments