MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa33be34b50e5d1ef35738bb9735d20d87375add138bcc63ec3a6abc62955f37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa33be34b50e5d1ef35738bb9735d20d87375add138bcc63ec3a6abc62955f37
SHA3-384 hash: a4effba68f9427d2587de991ebcbdb50bfc6031d2500ce8516d06a6af43d0d4d3a3682f85b196cd01a29e062e24adf3f
SHA1 hash: 592ca9728cb9087e95f82c23fce66c89ee01b1cb
MD5 hash: 6f43c7042c9e50945fbae5a72aa3699e
humanhash: robin-harry-ack-november
File name:cutemips
Download: download sample
Signature Mirai
Create hunting rule
File size:61'292 bytes
First seen:2025-06-15 21:55:24 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:lq5RThRNhRhR/RuhRF25t08Q0oaeHkncHnK:0tvQ0ouncq
TLSH T18853C85E6E618FECF7ACC33447B799216359338633E09689E29CD6105F6024D681FBE8
telfhash t11a01f6188d3863e1db361d9a2b2dfeb6e16131df4a128e738e00b95d9f6ed425e01c0c
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30456.LC.UNOFFICIAL
Create hunting rule

Unix.Trojan.Mirai-9854559-0
Create hunting rule

Unix.Trojan.Mirai-9885101-0
Create hunting rule

Unix.Malware.Mirai-9896989-0
Create hunting rule

Unix.Trojan.Mirai-9899908-0
Create hunting rule

Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=684f41638bd5d68a12e8b891linux22vpnfull_triage
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Creates directories
Creating a file
Sets a written file as executable
Connection attempt
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
not packed
Botnet:
unknown
Number of open files:
7
Number of processes launched:
7
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/fa33be34b50e5d1ef35738bb9735d20d87375add138bcc63ec3a6abc62955f37
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/de68bf96-f9a2-4eaa-bbcc-9ccde3ba5371
Behavior Graph:
Download SVG
%3 guuid=5cb16648-1900-0000-2f10-333ee0080000 pid=2272 /usr/bin/sudo guuid=ecddfb4a-1900-0000-2f10-333ee8080000 pid=2280 /tmp/sample.bin guuid=5cb16648-1900-0000-2f10-333ee0080000 pid=2272->guuid=ecddfb4a-1900-0000-2f10-333ee8080000 pid=2280 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f1074f8d-7158-4d15-946c-56f9618172c2
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
4 / 100
Link:
https://www.joesandbox.com/analysis/1714987
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/fa33be34b50e5d1ef35738bb9735d20d87375add138bcc63ec3a6abc62955f37
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fa33be34b50e5d1ef35738bb9735d20d87375add138bcc63ec3a6abc62955f37/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-06-15 21:56:21 UTC
File Type:
ELF32 Big (Exe)
AV detection:
27 of 38 (71.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7iz34nfvbzor542xhc5zonosbwdtoww5cof4yy7mhjvlyyuvl43q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery
Link:
https://tria.ge/reports/250615-1tam9ssr13/
Behaviour
Reads runtime system information
System Network Configuration Discovery
File and Directory Permissions Modification
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-9854559-0
YARA:
n/a
Link:
https://app.threat.zone/submission/b0a47b65-bae7-48b8-8de8-0e9798183072
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fa33be34b50e5d1ef35738bb9735d20d87375add138bcc63ec3a6abc62955f37

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf fa33be34b50e5d1ef35738bb9735d20d87375add138bcc63ec3a6abc62955f37

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3562366/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3562375/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments