MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cee708fb0b2d9a1e61df1277840568867dc44b41d40fa4ccd11fd70064e50119. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cee708fb0b2d9a1e61df1277840568867dc44b41d40fa4ccd11fd70064e50119
SHA3-384 hash: 5ee28a44ed4a0fdf957d4d692457347202f8d35aa6a53db507fed0a2c31c612c5aa0df9126b415397ca5a1351b41eb36
SHA1 hash: 3d0b745baee8d2c8e4508905efb3baede84c7b4d
MD5 hash: 753dadfc332236d5932e354b9993b2c2
humanhash: leopard-purple-ack-magnesium
File name:87sbhas6as.arm5
Download: download sample
Signature Mirai
Create hunting rule
File size:32'880 bytes
First seen:2025-12-23 20:48:26 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:BgfbCl0cNAszUfWkONw4zzxRmW0s9PNVk6K:qfbxcfoePw4hRmWhzVkN
TLSH T138E2D4516C925A2BC6E4237EB97F558D332173E882CFB61BCC125B14B68592F0D63B82
telfhash t116e0d844bc699a2949db9974dd9c47a49501121365664b21cf10dbf0c83f554e70da8e
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 512997aa6d8f23ec8ec58e54c8c8db47095c5f8c2738c36dd54bd1e1f651825b
File size (compressed) :15'728 bytes
File size (de-compressed) :32'880 bytes
Format:linux/arm
Packed file: 512997aa6d8f23ec8ec58e54c8c8db47095c5f8c2738c36dd54bd1e1f651825b

Intelligence

File Origin
# of uploads :
1
# of downloads :
45
Origin country :
NL NL
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.30455.LC.BadVar.UNOFFICIAL
Create hunting rule

Unix.Trojan.Mirai-9858729-0
Create hunting rule

Unix.Trojan.Mirai-9951087-0
Create hunting rule

Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
masquerade rust
Link:
https://www.filescan.io/uploads/694b004ee126b9ff438eef0d/reports/825af301-66a7-4505-8262-457f42544597/overview
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-12-23T18:44:00Z UTC
Last seen:
2025-12-23T19:08:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/cee708fb0b2d9a1e61df1277840568867dc44b41d40fa4ccd11fd70064e50119/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/1ef360ef-a07e-40e2-8568-59fd9458e0fc
Behavior Graph:
Download SVG
%3 guuid=191e108f-1900-0000-1916-02f897070000 pid=1943 /usr/bin/sudo guuid=b2bbc290-1900-0000-1916-02f89e070000 pid=1950 /tmp/sample.bin guuid=191e108f-1900-0000-1916-02f897070000 pid=1943->guuid=b2bbc290-1900-0000-1916-02f89e070000 pid=1950 execve
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b2770e9a-618c-4c84-8203-cc47f7e77e34
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1838441
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1838441 Sample: 87sbhas6as.arm5.elf Startdate: 23/12/2025 Architecture: LINUX Score: 48 14 169.254.169.254, 80 USDOSUS Reserved 2->14 16 109.202.202.202, 80 INIT7CH Switzerland 2->16 18 3 other IPs or domains 2->18 20 Multi AV Scanner detection for submitted file 2->20 6 dash rm 2->6         started        8 dash rm 2->8         started        10 python3.8 dpkg 2->10         started        12 87sbhas6as.arm5.elf 2->12         started        signatures3 process4
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/cee708fb0b2d9a1e61df1277840568867dc44b41d40fa4ccd11fd70064e50119
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cee708fb0b2d9a1e61df1277840568867dc44b41d40fa4ccd11fd70064e50119/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-12-23 20:49:15 UTC
File Type:
ELF32 Little (Exe)
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z3tqr6ylfwnb4yo7cj3yibliqz64is2b2qh2jtgrd7lqazhfaemq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/251223-zlndqasnbs/
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-9858729-0
YARA:
n/a
Link:
https://app.threat.zone/submission/393fc2a9-8ad5-48d8-8f96-20f915f2ce29
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cee708fb0b2d9a1e61df1277840568867dc44b41d40fa4ccd11fd70064e50119

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:F01_s1ckrule
Create hunting rule
Author:s1ckb017
Rule name:setsockopt
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for setsockopt() red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 512997aa6d8f23ec8ec58e54c8c8db47095c5f8c2738c36dd54bd1e1f651825b

Mirai

elf cee708fb0b2d9a1e61df1277840568867dc44b41d40fa4ccd11fd70064e50119

(this sample)

  
Dropped by
SHA256 512997aa6d8f23ec8ec58e54c8c8db47095c5f8c2738c36dd54bd1e1f651825b
  
URLhaus
https://urlhaus.abuse.ch/url/3741507/
  
Delivery method
Distributed via web download
  
Dropped by
MD5 8c5a057b8e7bf2daccd839b57e5c240e

Comments