MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e52bd462c3bfaead674d76cdb688c3063ae9b4175deda11a6f59315059867e05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	e52bd462c3bfaead674d76cdb688c3063ae9b4175deda11a6f59315059867e05
SHA3-384 hash:	a89f335277e769b15b6c45c892815b8d9b9a32028e51037502275fc6006cffef8791a22af277c467732868ed876ec29d
SHA1 hash:	2bc9b9cd19bf676b4989faefc4f1f219f18c4f7e
MD5 hash:	22836e93f31f12ff921ec82d280323a3
humanhash:	april-jig-lithium-whiskey
File name:	mips
Download:	download sample
Signature	Mirai Create hunting rule
File size:	122'244 bytes
First seen:	2025-03-09 11:11:26 UTC
Last seen:	2025-03-09 11:25:13 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:b1wV1V9GeFTjaFfpRmwJlaBSOVZNX3B3JW+dCVdv7hbadzqy6pfIEmNbk6tf+JbD:b1wt9GTyZNHBD2v7huqyq6p+5KVJZq
TLSH	T195C3640E9A218F6FF62DC33643F7C665A36526D323D7E24AC25CE5201E6438E641F7A4
telfhash	t107215158497422f0db720c5d1bedef72e5a030df4b266d378e01e8aaaaadd425d00c1c
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Clean

Score:

82.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67cd80f20d1b39e3a2086b6alinux22vpnfull_triage

Tags:

n/a

Result

Verdict:

Clean

Maliciousness:

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

lolbin remote

Link:

https://www.filescan.io/uploads/67cd7799e95d0f9029e65c0f/reports/c9059a81-765e-4482-a3fd-3e617f9c510d/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

mips

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/e52bd462c3bfaead674d76cdb688c3063ae9b4175deda11a6f59315059867e05

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/4c9225c1-28c5-4a1d-b1ed-54fe54faa35e

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1632921

Signature

Multi AV Scanner detection for submitted file

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/e52bd462c3bfaead674d76cdb688c3063ae9b4175deda11a6f59315059867e05

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e52bd462c3bfaead674d76cdb688c3063ae9b4175deda11a6f59315059867e05/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2025-03-09 11:12:21 UTC

File Type:

ELF32 Big (Exe)

AV detection:

13 of 38 (34.21%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4uv5iywdx6xk2z2no3g3ncgday5otnaxlxw2cgtpleyvawmgpycq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250309-naxx8szqy5/

Behaviour

System Network Configuration Discovery

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/de89809d-ad58-4fa2-a6ab-5594ef8e08cb

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/e52bd462c3bfaead674d76cdb688c3063ae9b4175deda11a6f59315059867e05

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 50f27c5016a5ec248c776f1ce29b146934b468ae4dd9d256a4e0d3a5f54c9a2a

Mirai

elf e52bd462c3bfaead674d76cdb688c3063ae9b4175deda11a6f59315059867e05

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3469401/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3469825/

URLhaus

https://urlhaus.abuse.ch/url/3469041/

Dropped by

SHA256 50f27c5016a5ec248c776f1ce29b146934b468ae4dd9d256a4e0d3a5f54c9a2a

Dropped by

MD5 c5c8a4be170413e35a1be8dfb95ca2c5

URLhaus

https://urlhaus.abuse.ch/url/3469412/

URLhaus

https://urlhaus.abuse.ch/url/3469424/

Dropped by

SHA256 471f1d2ba4f8ff7ed14ab62d33fe36f7951007973af0b56fd6292cf46a7a67d3

Dropped by

MD5 8ba017cd8d592d535c9d4d09e20a3097

URLhaus

https://urlhaus.abuse.ch/url/3469441/

URLhaus

https://urlhaus.abuse.ch/url/3469369/

Dropped by

SHA256 8ffdd741e27f452c9fa4e17a714a1a45017ecb266bc1fcd24ee1e9a942a63ade

Dropped by

MD5 cc30b4c69e3c6388413546f511831a4e

Dropped by

SHA256 f7ecafa225e4fac095f317ad8862e0656442ed1739c0da16bb2456ab25107d69

Dropped by

MD5 04aa7d6e7d84abc4ebcfd3243235fd24

Dropped by

SHA256 bef4bd41414d8c60dfb9818ca0bddb4a3fcdf76d00ae55d0828b4bf5ea047e97

Dropped by

MD5 889361b12fc644537848aaf1ab3fc25b

Dropped by

SHA256 08c9227080602a91a1f0c8c5da39e6a20eedde006a887f8700ba75fe06ae47ea

Dropped by

MD5 7e39bebcd0c48564042e7cef7e7cf7e0

URLhaus

https://urlhaus.abuse.ch/url/3473801/

URLhaus

https://urlhaus.abuse.ch/url/3473804/

URLhaus

https://urlhaus.abuse.ch/url/3473797/

URLhaus

https://urlhaus.abuse.ch/url/3473798/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample