MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa7488e9236ecc7f5f47b2bc730f6ac745768dde9bd681d70fd9581e95b949d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 15



SHA256 hash: fa7488e9236ecc7f5f47b2bc730f6ac745768dde9bd681d70fd9581e95b949d1
SHA3-384 hash: 4b287117827b134d8a09854f0c97824697706e0ff5bc444e8c119e504ae65d326e937ee545d2440c2dbdb4aeb7fb5df7
SHA1 hash: f4f7cad7eb52e93fc85bffbe34a390dfe8211289
MD5 hash: fe6741a954e87da2f1b47d98b4b5bfcf
humanhash: bakerloo-sink-lithium-ceiling
File name: morte.x86
Signature: Mirai
File size: 47'216 bytes
First seen: 2025-11-07 17:08:05 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:OaIMM8GdXa3rMdmGnPpE6PtqBkoC9Modsfndh90yEbViq7m+M1WAqvnbcuyD7UHr:OaFM8IhmGnPpxlO2JdWh69bV+fWAanok
TLSH: T18523F10A92AE1953D85A9270B67F37CF3D62D01C59D08BB790C8902A158FFFF56147E1
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
      49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika: elf
Reporter: abuse_ch
Tags: elf mirai UPX
File size (compressed): 47'216 bytes
File size (de-compressed): 111'892 bytes
Format: linux/i386
Unpacked file: b2980ef85d9795946eb269e6dde1c06c3de2fb7f0870da1064c43a44f09d3936
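The packer facts above (UPX, 47'216 bytes compressed, 111'892 bytes unpacked, a separate hash for the unpacked file) can be cross-checked without executing anything: UPX leaves an `l_info`/`p_info` block right after the stub's program headers and a 32-byte PackHeader plus 4-byte overlay offset at the end of an ELF, and both record the original file size. The script below is an added example, not MalwareBazaar's or UPX's code. Field layouts follow UPX's own `p_unix.h` and `packheader.h`; the checksum rule is my reading of `packheader.cpp` and should be confirmed against a real sample; the ELF image it parses is constructed inline so it runs offline (the `l_version`/`l_format`/method values in it are arbitrary).

```python
"""UPX-on-ELF triage: read the l_info/p_info block and the trailing PackHeader.

Added example (not MalwareBazaar or UPX code). Layouts follow UPX's p_unix.h
and packheader.h; the sample image below is constructed, not the real sample.
"""
import struct
from dataclasses import dataclass
from typing import Optional

UPX_MAGIC = b"UPX!"
UPX_MAGIC_LE32 = 0x21585055           # "UPX!" as a little-endian uint32
PACKHEADER_LEN = 32                   # PackHeader size for the ELF formats
ELF_TRAILER_LEN = PACKHEADER_LEN + 4  # UPX writes a 4-byte overlay_offset after it


@dataclass
class UpxElfInfo:
    elf_class: int                  # 1 = ELF32, 2 = ELF64
    linfo_offset: int               # where the stub's l_info starts
    linfo_magic_intact: bool
    l_version: int
    l_format: int
    p_filesize: int                 # unpacked size claimed by p_info
    trailer_offset: int
    trailer_magic_intact: bool
    trailer_at_expected_offset: bool
    method: int                     # compression method id from PackHeader
    u_len: int
    c_len: int
    u_file_size: int                # unpacked size claimed by the PackHeader
    checksum_ok: bool

    @property
    def sizes_consistent(self) -> bool:
        # Both headers record the original file size; they should agree.
        return self.p_filesize > 0 and self.p_filesize == self.u_file_size


def _packheader_checksum(hdr: bytes) -> int:
    # ASSUMPTION (my reading of UPX packheader.cpp): byte sum after the 4-byte
    # magic, excluding the trailing checksum byte, modulo 251.
    return sum(hdr[4:-1]) % 251


def parse_upx_elf(data: bytes) -> Optional[UpxElfInfo]:
    """Return header facts for a UPX-packed ELF, or None if it is not parseable."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        return None
    elf_class, elf_data = data[4], data[5]
    if elf_class not in (1, 2) or elf_data not in (1, 2):
        return None
    e = "<" if elf_data == 1 else ">"            # target byte order
    if elf_class == 1:
        (e_phoff,) = struct.unpack_from(e + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(e + "HH", data, 42)
    else:
        (e_phoff,) = struct.unpack_from(e + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(e + "HH", data, 54)

    # UPX's stub lays out Ehdr, Phdr[], l_info, p_info back to back, so l_info
    # starts right after the program header table.
    linfo_off = e_phoff + e_phentsize * e_phnum
    if linfo_off + 24 > len(data) - ELF_TRAILER_LEN:
        return None
    _chk, l_magic, _lsize, l_version, l_format = struct.unpack_from(e + "IIHBB", data, linfo_off)
    _progid, p_filesize, _blocksize = struct.unpack_from(e + "III", data, linfo_off + 12)

    # The PackHeader is little-endian regardless of target and, for ELF output,
    # sits 36 bytes before EOF. If that slot was overwritten, fall back to the
    # last magic in the file, skipping the l_info magic already parsed.
    trailer_off = len(data) - ELF_TRAILER_LEN
    at_expected = data[trailer_off:trailer_off + 4] == UPX_MAGIC
    if not at_expected:
        last = data.rfind(UPX_MAGIC, linfo_off + 8)
        if last >= 0 and last + PACKHEADER_LEN <= len(data):
            trailer_off = last
    hdr = data[trailer_off:trailer_off + PACKHEADER_LEN]
    (magic, _ver, _fmt, method, _lvl, _u_adler, _c_adler, u_len, c_len,
     u_file_size, _filt, _cto, _mru, hchk) = struct.unpack("<4sBBBBIIIIIBBBB", hdr)

    return UpxElfInfo(
        elf_class=elf_class, linfo_offset=linfo_off,
        linfo_magic_intact=(l_magic == UPX_MAGIC_LE32),
        l_version=l_version, l_format=l_format, p_filesize=p_filesize,
        trailer_offset=trailer_off, trailer_magic_intact=(magic == UPX_MAGIC),
        trailer_at_expected_offset=at_expected, method=method,
        u_len=u_len, c_len=c_len, u_file_size=u_file_size,
        checksum_ok=(_packheader_checksum(hdr) == hchk),
    )


def verdict(info: Optional[UpxElfInfo]) -> str:
    """Coarse packer verdict for triage notes."""
    if info is None:
        return "not-parseable"
    if info.linfo_magic_intact and info.trailer_magic_intact:
        return "upx-intact"
    if info.linfo_magic_intact or info.trailer_magic_intact or info.sizes_consistent:
        return "upx-tampered"   # markers partly wiped: expect `upx -d` to refuse it
    return "no-upx-markers"


def build_fake_upx_elf32(unpacked_size: int = 111_892, payload: bytes = b"\xaa" * 200) -> bytes:
    """Constructed ELF32 LE image carrying UPX-style headers; not a loadable binary."""
    ehdr = bytearray(52)
    ehdr[:7] = b"\x7fELF\x01\x01\x01"             # ELF32, little-endian, version 1
    struct.pack_into("<I", ehdr, 28, 52)          # e_phoff
    struct.pack_into("<HH", ehdr, 42, 32, 2)      # e_phentsize, e_phnum
    phdrs = b"\x00" * 64
    linfo = struct.pack("<IIHBB", 0, UPX_MAGIC_LE32, 0x1000, 14, 12)  # values arbitrary
    pinfo = struct.pack("<III", 0, unpacked_size, 0x20000)
    body = bytes(ehdr) + phdrs + linfo + pinfo + payload
    hdr = bytearray(struct.pack("<4sBBBBIIIIIBBBB", UPX_MAGIC, 14, 12, 2, 8,
                                0, 0, unpacked_size, len(payload), unpacked_size,
                                0, 0, 0, 0))
    hdr[-1] = _packheader_checksum(bytes(hdr))
    return body + bytes(hdr) + struct.pack("<I", len(body))  # overlay_offset


if __name__ == "__main__":
    img = build_fake_upx_elf32()
    print(verdict(parse_upx_elf(img)), parse_upx_elf(img))
```

On an intact sample like this one, `upx -d` is the faster route and the unpacked output should hash to the "Unpacked file" value above; the header walk earns its keep on Mirai and Gafgyt builds that overwrite the `UPX!` markers so that `upx -d` refuses the file, where a surviving `p_filesize`/`u_file_size` pair still tells you the packer and the original size.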

Intelligence


File Origin
# of uploads:
1
# of downloads:
45
Origin country:
DE
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sends data to a server
Runs as daemon
Opens a port
DNS request
Performs a bruteforce attack in the network
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
masquerade mirai obfuscated packed upx
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
UPX
Botnet:
unknown
Number of open files:
47
Number of processes launched:
8
Processes remaining?:
false
Remote TCP ports scanned:
23,80,81,8081,5000,8888,22,8080,37215,9527,52869
Behaviour
Information Gathering
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-11-07T14:24:00Z UTC
Last seen:
2025-11-09T12:01:00Z UTC
Hits:
~10
Detections:
HEUR:Exploit.Linux.CVE-2018-10561.a HEUR:Backdoor.Linux.Mirai.r HEUR:Backdoor.Linux.Mirai.b HEUR:Backdoor.Linux.Gafgyt.bl HEUR:Backdoor.Linux.Gafgyt.bj
Status:
terminated
Behavior Graph (process tree and network activity, reconstructed from the sandbox graph; "con" edges are connection attempts):

pid 2637 /usr/bin/sudo
  execve -> pid 2646 /tmp/sample.bin [net]
    con 8.8.8.8:53
    clone -> pid 2650 /tmp/sample.bin
      clone -> pid 2651 /tmp/sample.bin [net, zombie]: con 8.8.8.8:53, then scans the targets in list A below
      clone -> pid 2652 /tmp/sample.bin
      clone -> pid 2653 /tmp/sample.bin [dns, net, send-data, zombie]: sends 108 B to 8.8.8.8:53, con mortex.duckdns.org:12121
    clone -> pid 3200 /tmp/sample.bin [net, zombie]: con 8.8.8.8:53, then scans the targets in list B below
    clone -> pid 3201 /tmp/sample.bin
    clone -> pid 3202 /tmp/sample.bin [net, send-data, zombie]: sends 540 B to 8.8.8.8:53, con 84.201.5.31:12121

List A, scan targets of pid 2651 (63 hosts):
191.181.139.171:23, 84.170.147.171:80, 35.78.133.238:52869, 25.18.117.41:8081, 115.59.151.92:80, 78.48.173.212:8081, 39.113.170.136:8080, 23.150.126.179:23, 42.88.205.68:8080, 118.8.240.246:8080, 67.106.40.144:8081, 169.175.218.214:8888, 116.81.185.11:8888, 62.66.225.133:9527, 205.242.74.30:52869, 96.158.177.41:8080, 120.0.138.21:8080, 103.1.4.102:52869, 201.108.42.53:81, 149.93.25.186:8080, 67.119.216.181:8080, 99.76.194.135:8080, 34.145.177.180:81, 87.167.152.236:5000, 201.100.172.33:23, 67.90.17.129:8888, 97.242.29.119:8080, 118.194.41.74:52869, 138.67.228.77:9527, 168.170.42.2:23, 80.131.102.41:8080, 218.151.232.223:8080, 132.150.97.135:8081, 109.138.224.171:8080, 84.95.109.129:8080, 194.192.83.197:9527, 78.85.254.228:8080, 115.127.5.56:8888, 12.5.189.125:80, 5.210.112.194:8888, 174.31.227.196:81, 24.222.207.104:9527, 31.62.122.98:80, 160.224.65.6:8081, 84.139.18.150:80, 196.111.78.239:9527, 91.124.218.139:80, 119.192.150.146:8081, 128.107.198.21:23, 114.151.166.237:9527, 69.8.193.70:8080, 223.152.44.17:81, 159.232.58.71:23, 35.101.28.190:81, 96.214.224.157:81, 216.38.104.20:80, 24.68.55.37:8080, 174.117.17.212:8081, 164.202.193.160:9527, 96.207.131.120:22, 144.214.115.163:23, 200.94.56.225:8080, 96.212.128.156:80

List B, scan targets of pid 3200 (56 hosts):
19.136.47.170:81, 160.243.55.170:80, 13.10.236.206:8888, 42.92.148.18:5000, 125.39.208.15:8888, 201.183.77.224:8080, 47.147.53.216:52869, 4.6.242.67:8080, 159.224.254.74:8888, 115.159.47.47:81, 163.247.9.115:52869, 125.187.133.115:8081, 150.239.37.243:9527, 86.91.180.15:9527, 209.141.232.41:81, 169.219.160.221:81, 148.214.108.247:80, 53.136.64.80:37215, 54.15.25.45:37215, 162.159.171.241:8888, 78.26.173.152:37215, 2.226.2.87:23, 94.113.14.14:37215, 210.52.10.205:22, 57.88.90.69:9527, 44.160.85.146:5000, 153.37.5.4:8080, 58.43.167.147:81, 40.41.211.175:80, 35.81.115.9:8888, 85.205.184.4:9527, 111.246.53.167:23, 68.117.168.4:80, 180.100.30.16:8081, 201.156.54.87:8081, 199.205.159.47:80, 163.156.31.66:8081, 192.75.212.102:5000, 153.49.29.29:8888, 130.247.122.204:9527, 135.47.212.248:8080, 112.138.77.226:8081, 105.157.137.206:8080, 86.219.252.148:81, 168.193.52.44:8081, 124.187.122.171:80, 92.204.56.192:22, 220.39.230.245:9527, 27.84.87.62:37215, 20.74.179.182:22, 96.56.35.19:8081, 64.206.145.55:9527, 5.117.182.40:37215, 128.81.121.124:37215, 45.7.47.32:22, 185.138.180.72:8888

The scan targets are the sample's own random sweep of the port set listed under "Remote TCP ports scanned"; the entries worth treating as C2 indicators are mortex.duckdns.org:12121 and 84.201.5.31:12121.
Result
Threat name:
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Signature
Connects to many ports of the same IP (likely port scanning)
Malicious sample detected (through community Yara rule)
Sample is packed with UPX
Uses dynamic DNS services
Uses known network protocols on non-standard ports
Yara detected Mirai
Behaviour
Behavior Graph (reconstructed from the sandbox graph):
Behavior Graph ID: 1810092; Sample: morte.x86.elf; Start date: 07/11/2025; Architecture: LINUX; Score: 72
Network nodes: mortex.duckdns.org (flagged: Uses dynamic DNS services); 187.236.6.106:52869 (UninetSAdeCVMX, Mexico); 100 other IPs or domains
Signatures on the sample node: Malicious sample detected (through community Yara rule); Yara detected Mirai; Connects to many ports of the same IP (likely port scanning); 2 other signatures
Process tree:
  dash rm morte.x86.elf (started)
    morte.x86.elf (started), 4 instances
      morte.x86.elf (started), 3 instances spawned by the first of them
  dash rm (started)
  dash head (started)
  8 other processes
Threat name:
Linux.Backdoor.Mirai
Status:
Malicious
First seen:
2025-11-07 17:08:16 UTC
File Type:
ELF32 Little (Exe)
AV detection:
22 of 38 (57.89%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:mirai botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
Enumerates running processes
Writes file to system bin folder
Modifies Watchdog functionality
Mirai
Mirai family
Malware Config
C2 Extraction:
mortex.duckdns.org
Verdict:
Malicious
Tags:
Unix.Dropper.Mirai-7135858-0
YARA:
n/a
Please note that we are no longer able to provide a coverage score for Virus Total.
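The sandbox results above expose two network behaviours a detection engineer can key on: the scanner children sweep random addresses on a fixed port set (23, 80, 81, 8081, 5000, 8888, 22, 8080, 37215, 9527, 52869), and the bot resolves a dynamic-DNS name (mortex.duckdns.org) before talking to a non-standard port (12121). The script below is an added example, not MalwareBazaar's or any sandbox vendor's code: it runs both checks over constructed Zeek-style conn and dns records. The hosts, the `example-bot.duckdns.org` name and the 203.0.113.0/24 and 198.51.100.0/24 addresses are placeholders rather than indicators from this sample, and the window, threshold and gap values are assumptions to tune.

```python
"""Detect Mirai-style scanner fan-out and dynamic-DNS C2 beacons in flow logs.

Added example, not MalwareBazaar or vendor code. Records mimic Zeek conn.log /
dns.log fields; all sample data below is constructed.
"""
from collections import defaultdict
from typing import Dict, List

# Port set this sample probed in the sandbox ("Remote TCP ports scanned").
MIRAI_SCAN_PORTS = {23, 80, 81, 8081, 5000, 8888, 22, 8080, 37215, 9527, 52869}
# Dynamic-DNS suffixes treated as suspicious for C2 (this sample used duckdns.org; extend as needed).
DYNDNS_SUFFIXES = (".duckdns.org",)
# Assumed thresholds; tune for your network.
SCAN_WINDOW_S = 60
SCAN_MIN_TARGETS = 20
C2_MAX_GAP_S = 300
C2_STANDARD_PORTS = {80, 443}


def detect_scanner(conns: List[dict], window: int = SCAN_WINDOW_S,
                   min_targets: int = SCAN_MIN_TARGETS) -> List[dict]:
    """Flag sources that hit >= min_targets distinct hosts on scan ports within one window."""
    targets: Dict[tuple, set] = defaultdict(set)
    ports_seen: Dict[tuple, set] = defaultdict(set)
    for c in conns:
        if c["proto"] != "tcp" or c["dport"] not in MIRAI_SCAN_PORTS:
            continue
        key = (c["src"], int(c["ts"] // window))   # fixed time buckets per source
        targets[key].add(c["dst"])
        ports_seen[key].add(c["dport"])
    alerts = []
    for (src, bucket), hosts in targets.items():
        if len(hosts) >= min_targets:
            alerts.append({"rule": "mirai_scan_fanout", "src": src,
                           "window_start": bucket * window,
                           "distinct_targets": len(hosts),
                           "ports": sorted(ports_seen[(src, bucket)])})
    return alerts


def detect_dyndns_c2(dns: List[dict], conns: List[dict],
                     max_gap: int = C2_MAX_GAP_S) -> List[dict]:
    """Flag a dynamic-DNS lookup followed by a connection to an answered IP on a non-web port."""
    resolved = []   # (ts, src, name, answer_ip)
    for d in dns:
        if d["query"].lower().endswith(DYNDNS_SUFFIXES):
            for ip in d["answers"]:
                resolved.append((d["ts"], d["src"], d["query"], ip))
    alerts = []
    for c in conns:
        if c["dport"] in C2_STANDARD_PORTS:
            continue
        for ts, src, name, ip in resolved:
            if c["src"] == src and c["dst"] == ip and 0 <= c["ts"] - ts <= max_gap:
                alerts.append({"rule": "dyndns_c2_beacon", "src": src, "domain": name,
                               "dst": ip, "dport": c["dport"], "gap_s": c["ts"] - ts})
    return alerts


def _conn(ts, src, dst, dport, state="S0"):
    return {"ts": ts, "src": src, "dst": dst, "dport": dport, "proto": "tcp", "conn_state": state}


# Constructed sample logs: 10.0.0.5 plays the infected device, 10.0.0.8 a normal client.
_SCAN_PORT_LIST = sorted(MIRAI_SCAN_PORTS)
CONN_LOG = [
    _conn(1000.0 + i * 0.4, "10.0.0.5",
          f"{(i * 37) % 223 + 1}.{(i * 91) % 256}.{(i * 53) % 256}.{(i * 7) % 254 + 1}",
          _SCAN_PORT_LIST[i % len(_SCAN_PORT_LIST)])
    for i in range(25)                                   # 25 distinct pseudo-random targets
] + [
    _conn(1001.0 + i, "10.0.0.8", "198.51.100.20", 443, "SF") for i in range(5)
] + [
    _conn(1100.0, "10.0.0.5", "203.0.113.10", 12121, "SF"),   # beacon to the resolved C2
]
DNS_LOG = [
    {"ts": 1095.0, "src": "10.0.0.5", "query": "example-bot.duckdns.org", "answers": ["203.0.113.10"]},
    {"ts": 1002.0, "src": "10.0.0.8", "query": "www.example.com", "answers": ["198.51.100.20"]},
]

if __name__ == "__main__":
    for a in detect_scanner(CONN_LOG) + detect_dyndns_c2(DNS_LOG, CONN_LOG):
        print(a)
```

Port 80/8080 traffic alone is noise on any real network; the signal is one source reaching many distinct hosts across several of these ports inside a short window (the two scanner children above touched about 120 addresses in one sandbox run), and for the C2 check it is the lookup-then-connect sequence to a non-web port rather than the dynamic-DNS name by itself.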

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: linux_generic_ipv6_catcher
Author: @_lubiedo
Description: ELF samples using IPv6 addresses

Rule name: SUSP_ELF_LNX_UPX_Compressed_File
Author: Florian Roth (Nextron Systems)
Description: Detects a suspicious ELF binary with UPX compression
Reference: Internal Research

Rule name: upx_packed_elf_v1
Author: RandomMalware

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
File type: elf
SHA256: fa7488e9236ecc7f5f47b2bc730f6ac745768dde9bd681d70fd9581e95b949d1 (this sample)

Comments