MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd52d16cceebd3242fd59b0ef4c61b6a226d8b226b667974330a1b80f8358797. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd52d16cceebd3242fd59b0ef4c61b6a226d8b226b667974330a1b80f8358797
SHA3-384 hash: 0bc4a5cfbc9354add650179546ec23024d45c0a8bf58a8088a88ef729795d28fe476c6cdabe3a1287851a5f6858157b4
SHA1 hash: 845adb899a87c108848814c713c94915d55b2d90
MD5 hash: 63447cda1ccf6cc2a84d58c0745f5952
humanhash: timing-connecticut-undress-magazine
File name:fullgc-linux-aarch64
Download: download sample
Signature Mirai
Create hunting rule
File size:3'290'788 bytes
First seen:2026-03-01 18:25:12 UTC
Last seen:2026-03-02 07:42:39 UTC
File type: elf
MIME type:application/x-executable
ssdeep 98304:Rv3OS38wRw6huUUJi0QMRTEV6gP3DIBw1T:lXrhuTJJRg6gvD4w1T
TLSH T1C9E533489111A32BBE7B8CB4B19497B3BA6D11FE6E5961D0C0C4E40F7DB91F442BA07B
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf UPX
File size (compressed) :3'290'788 bytes
File size (de-compressed) :8'236'456 bytes
Format:linux/arm64
Unpacked file: 751088a2c57f01b5204a7423c28afeb974729303019b24932e97a01f7800b070

Intelligence

File Origin
# of uploads :
2
# of downloads :
98
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/39a052a0-0f1e-42d6-9e57-64e4e4039952/
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
miner monero packed upx xmrig
Link:
https://www.filescan.io/uploads/69a4849591ad9169e5350beb/reports/c54edc6c-700a-4430-9d21-201e5406fedf/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
UPX
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/dd52d16cceebd3242fd59b0ef4c61b6a226d8b226b667974330a1b80f8358797
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Gathering data
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/9148c08c-776b-40ef-83d4-c2c1a9f3ab29
Result
Threat name:
Xmrig
Create hunting rule
Detection:
malicious
Classification:
evad.mine
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1876542
Signature
Found strings related to Crypto-Mining
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Stdout / stderr contain strings indicative of a mining client
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/dd52d16cceebd3242fd59b0ef4c61b6a226d8b226b667974330a1b80f8358797
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dd52d16cceebd3242fd59b0ef4c61b6a226d8b226b667974330a1b80f8358797/
Threat name:
Linux.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-08 20:59:37 UTC
File Type:
ELF64 Little (Exe)
AV detection:
7 of 36 (19.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3vjnc3go5pjsil6vtmhpjrq3nirg3czcnnths5btbinyb6bvq6lq._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
linux upx
Link:
https://tria.ge/reports/260301-w2srlacz9f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/dd52d16cceebd3242fd59b0ef4c61b6a226d8b226b667974330a1b80f8358797

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BLOWFISH_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for Blowfish constants
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf dd52d16cceebd3242fd59b0ef4c61b6a226d8b226b667974330a1b80f8358797

(this sample)

Mirai

elf 751088a2c57f01b5204a7423c28afeb974729303019b24932e97a01f7800b070

  
Dropping
SHA256 751088a2c57f01b5204a7423c28afeb974729303019b24932e97a01f7800b070
  
Dropping
MD5 f9ea9088c2ad87e9150e7d1aba17f37c
  
URLhaus
https://urlhaus.abuse.ch/url/3788109/
  
Delivery method
Distributed via web download

Comments