MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc9c099ce17011141fc8c2bf54de483d4c90b29f5821347c1ade64e0e34f3fec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 10



SHA256 hash: cc9c099ce17011141fc8c2bf54de483d4c90b29f5821347c1ade64e0e34f3fec
SHA3-384 hash: 62397f4de40443751b9df14e96cba1209e71e46af19d0d7dd521bd12bf1677c0bb8cdca54a52a9df44667cb106fe7572
SHA1 hash: 0f54d9c13bbcc9f6c677ae348790f5bdf5d108b2
MD5 hash: 5a951eae7a59eefb7cbc29cfd1473f9e
humanhash: fruit-golf-saturn-enemy
File name: Josho.m68k
Signature: Mirai
File size: 52'800 bytes
First seen: 2025-12-23 22:59:24 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:7MehvKgc46P1omWQc7/JgFHdIp8LujWeXzpUGRJTPOMdL88pIlk:QIK34GWmbBF28Sjp1UGRJbOMdw8Sk
TLSH: T1A33329DAB402AD7CF89FEA7E80160E0AF22123551053072B67BFFDD37E321549952E46
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: DE
Vendor Threat Intelligence
Malware configuration found for: Mirai
Details: Mirai: an XOR decryption key and at least a c2 socket address
Result: Gathering data
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2916) -> execve -> /tmp/sample.bin (pid 2922)
Result
Threat name: n/a
Detection: malicious
Classification: troj
Score: 60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph (ID 1838541): Sample: Josho.m68k.elf, Startdate: 24/12/2025, Architecture: LINUX, Score: 60
Network: 156.124.100.133 (XNSTGCA, United States), 2.158.131.182 (WINDTRE-ASIT, Italy), 98 other IPs or domains
Processes started: Josho.m68k.elf (which starts further Josho.m68k.elf child processes over several levels), dash rm (twice), python3.8 dpkg
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-12-23 14:16:51 UTC
File Type: ELF32 Big (Exe)
AV detection: 27 of 38 (71.05%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:josho linux
Verdict: Malicious
Tags: Unix.Trojan.Mirai-6981989-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf cc9c099ce17011141fc8c2bf54de483d4c90b29f5821347c1ade64e0e34f3fec

(this sample)

Delivery method: Distributed via web download

Comments