MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec692f1bfa5313548d0eb7af8be70d1bb9781755125f17bd1aea2258e83c164b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec692f1bfa5313548d0eb7af8be70d1bb9781755125f17bd1aea2258e83c164b
SHA3-384 hash: bab1fe3a2efdd6be1566be0ee62475b6bf7e057becd0b94eae73899eedde32b1fefcbf6d3b754ca588288f9a33a20774
SHA1 hash: 196087c600c08bdafd7eb17314f1c1fe4d5f10ed
MD5 hash: 72c25bb99468baca1ac8b177c9614145
humanhash: hotel-triple-indigo-alaska
File name:fuckunix.arm5
Download: download sample
Signature Mirai
Create hunting rule
File size:44'576 bytes
First seen:2025-01-04 13:21:37 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:qOTla27bBJ99FJhPurTDyQaCchpCgLHwzo51H5dPQt5RJjxcFLUaQNOwbZ010U5r:qf2f3FJhPuHch5LHw6H51Qt5Rfoub+1p
TLSH T193132B96F8C28B66C5D0127AF66FA95C3320A3E8C2CF7303CD601B61769741B1EA7E41
telfhash t12be02600bc759e2c9cc7aa74dded07a49601622350668b00cf10dbf4c83f458e30ca5a
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.28880.LC.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.28886.LC.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.28959.LC.UNOFFICIAL
Create hunting rule

Unix.Dropper.Mirai-7136013-0
Create hunting rule

Unix.Trojan.Mirai-8025795-0
Create hunting rule

Unix.Trojan.Mirai-9441505-0
Create hunting rule

Unix.Trojan.Mirai-9858729-0
Create hunting rule

Unix.Trojan.Mirai-9950762-0
Create hunting rule

Unix.Trojan.Mirai-10011027-0
Create hunting rule

Unix.Trojan.Mirai-10011918-0
Create hunting rule

Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=677936151ada707798271324linux22vpnfull_triage
Tags:
malware
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug masquerade obfuscated
Link:
https://www.filescan.io/uploads/677935feddbd8eb878d936b2/reports/bed5f841-af03-4ee3-aca8-b95f72bcba79/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/ec692f1bfa5313548d0eb7af8be70d1bb9781755125f17bd1aea2258e83c164b
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Verdict:
MALICIOUS
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/16b05bd6-10f0-479f-b3e8-5b4b9eed2dfb
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1584154
Signature
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/ec692f1bfa5313548d0eb7af8be70d1bb9781755125f17bd1aea2258e83c164b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec692f1bfa5313548d0eb7af8be70d1bb9781755125f17bd1aea2258e83c164b/
Threat name:
Linux.Backdoor.Bushido
Create hunting rule
Status:
Malicious
First seen:
2025-01-04 13:22:06 UTC
File Type:
ELF32 Little (Exe)
AV detection:
17 of 23 (73.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5rus6g72kmjvjdiow6xyxzyndo4xqf2vcjprppi25irfr2b4czfq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:condi
Link:
https://tria.ge/reports/250104-ql79fs1la1/
Malware Config
C2 Extraction:
lemonsmp.work.gd
report.condinet.cf
Verdict:
Malicious
Tags:
trojan gafgyt Unix.Dropper.Mirai-7136013-0
YARA:
Linux_Trojan_Gafgyt_28a2fe0c Linux_Gafgyt_May_2024
Link:
https://app.threat.zone/submission/58eb7528-307d-448a-90af-6d98d365f857
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ec692f1bfa5313548d0eb7af8be70d1bb9781755125f17bd1aea2258e83c164b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf ec692f1bfa5313548d0eb7af8be70d1bb9781755125f17bd1aea2258e83c164b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3388555/
  
Delivery method
Distributed via web download

Comments