MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db1092bb0934c3758d00a8897f2fce0c6a53747a16c35eca706ad87c36396311. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: db1092bb0934c3758d00a8897f2fce0c6a53747a16c35eca706ad87c36396311
SHA3-384 hash: ca769207b935ed6099ac16518570f28953c79abdf50545ce4ff67a1b3a41c85db5d8e7e75da60f4506fcce24d2d7ed7c
SHA1 hash: c2e2d766ab5ab134f1f8e0abd5850d6d1b438487
MD5 hash: a719c5b29a16a710f2ce9881c2994379
humanhash: jersey-emma-lamp-seventeen
File name: katrina
Signature: Mirai
File size: 96'452 bytes
First seen: 2025-07-17 05:17:23 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep 1536:0yLOB7WpvMhSjr6y+IFfYmSP8my3BUAurYfzIxEfgZW4QhalfywAyaUI:VLOwvMhS36UfYmSM3QYLIuAsUfywAXUI
TLSH T1EC933A93F804DEBEF809C77744539A09B530A3E50E521A727323AD57FD360E85936E8A
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 25
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: obfuscated
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2466) -> execve -> /tmp/sample.bin (pid=2473)
Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 52 / 100
Signature
Multi AV Scanner detection for submitted file
Terminates several processes with shell command 'killall'
Behaviour
Behavior Graph ID: 1738533; Sample: katrina.elf; Startdate: 17/07/2025; Architecture: LINUX; Score: 52
Contacted hosts: 123.201.90.27 (YOU-INDIA-APYOUBroadbandCableIndiaLtdIN, India), 128.252.52.54 (WUSTL-ASNUS, United States), 99 other IPs or domains
Process tree: katrina.elf started katrina.elf, which started katrina.elf sh processes (three shown, plus 59 other processes); each sh started killall (six shown, plus 56 other processes)
Signatures: Multi AV Scanner detection for submitted file; Terminates several processes with shell command 'killall'
Threat name: Linux.Backdoor.Mirai
Status: Malicious
First seen: 2025-07-17 05:18:21 UTC
File Type: ELF32 Big (Exe)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:kyton linux
Verdict: Malicious
Tags: Unix.Trojan.Mirai-6981989-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf db1092bb0934c3758d00a8897f2fce0c6a53747a16c35eca706ad87c36396311

(this sample)

  
Delivery method: Distributed via web download
