MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6
SHA3-384 hash: d6d1dd123a159cf8ffef75e7535511bc0f1aa567d3e1ad61e2a7627e87540f0dae943c14bc50f5e41ed8e5be0b4fa0eb
SHA1 hash: beaa6fd2d70c8dd636dea67265c8d89f0faad29a
MD5 hash: 9e87e6552b22865382efe2097dd065fa
humanhash: edward-florida-carolina-six
File name:mips
Download: download sample
Signature Mirai
Create hunting rule
File size:88'192 bytes
First seen:2025-02-17 07:47:01 UTC
Last seen:2025-04-19 07:21:03 UTC
File type: elf
MIME type:application/x-executable
ssdeep 1536:3Hd7wZlW8kaMdUnKfcissPtBewrpDUjavP5mapHHaSUdl2u/n1Dxh5twT:t9UStfcissPXeG5ma16Sclh7hYT
TLSH T16A83C61E6E158FACF7A9C63107B79E21974D37C727E1CA41E16CEA001E7024E685FB68
telfhash t19501e50c883853f4d7a21c996bedff76e46170de06269e378d00fd6d9b299429900c2c
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
6
# of downloads :
94
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Mirai.8670.29792.15818.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67b2eabaa0fd713c335b616blinux22vpnfull_triage
Tags:
mirai
Result
Verdict:
Malware
Maliciousness:

Behaviour
Runs as daemon
Connection attempt
Receives data from a server
Opens a port
DNS request
Sends data to a server
Kills processes
Substitutes an application name
Deleting of the original file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
mirai
Link:
https://www.filescan.io/uploads/67b2e98541f6d21e6a3c1e9e/reports/f61b61d3-e265-4df5-99e0-797fe1e846d7/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
true
Architecture:
mips
Packer:
not packed
Botnet:
unknown
Number of open files:
16
Number of processes launched:
3
Processes remaning?
true
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6
Behaviour
Anti-VM
Process Renaming
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
type: 172.217.192.127:3478
Result
Verdict:
UNKNOWN
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/57ebb3f3-54e7-4c39-a4d3-c8bf4cfaaa70
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1616819
Signature
Connects to many ports of the same IP (likely port scanning)
Multi AV Scanner detection for submitted file
Opens /sys/class/net/* files useful for querying network interface information
Performs DNS TXT record lookups
Sample deletes itself
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-02-17 07:47:10 UTC
File Type:
ELF32 Big (Exe)
AV detection:
8 of 37 (21.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2gscp346ifdr6x6xomtvbgw6qkq3v3juwwfadxkb5ua5qfnj27la._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery
Link:
https://tria.ge/reports/250217-jml92swkcr/
Behaviour
Enumerates kernel/hardware configuration
System Network Configuration Discovery
Changes its process name
Reads system network configuration
Reads MAC address of network interface
Reads network interface configuration
Deletes itself
Unexpected DNS network traffic destination
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/5ef14194-307f-4786-bd48-4cc70ea4f0f6
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Mirai
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh c6e471ffcfc25bab1d0d48bec05f81a1622485cce5cd74a4a9ea3c3227a393f9

Mirai

elf d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3391496/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3391513/
  
Dropped by
SHA256 c6e471ffcfc25bab1d0d48bec05f81a1622485cce5cd74a4a9ea3c3227a393f9
  
Dropped by
MD5 047ab5d64e2963819b738718ceda0cae
  
Dropped by
SHA256 9690312dcb76753e811e03ca1dab520a1e29633d0bbb76f88b0245488c956397
  
Dropped by
MD5 6a69ba51b523472aa2cf01afd92e9f25
  
Dropped by
SHA256 89420c66979564091c945fc5bc9d835912456fd059e85a6932aad15e417b2cfd
  
Dropped by
MD5 0a8c86bc396cce32ced7aa769c747870
  
Dropped by
SHA256 4a1b3c785cf2ad7d481de8f746be96ffb11fa03ef73203218edc7ca2fc629673
  
Dropped by
MD5 a77d1215f8c1bbeb67dd382c5e4888ef
  
Dropped by
SHA256 ec316a8c6ef5b9e7fa08757270ba6ef34501d9fc52b79b2f54e72d468611a94f
  
Dropped by
MD5 83f87e1abfc0ce9f34724db3bf2d7e30

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments