MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbcc42e851e7348f826b49a2b2803eb116c5df0d97cbc9e80f8d4763d859adde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbcc42e851e7348f826b49a2b2803eb116c5df0d97cbc9e80f8d4763d859adde
SHA3-384 hash: 744465d518cd780cac88c9694a969c5accd57b66536688ec048cefca4376022e887781dbfaee4eb723658cc59231e719
SHA1 hash: c31a64449fb61a37006d2339f861ee9aa9d06259
MD5 hash: a0e439dd1685410e2b5e8c829082324a
humanhash: mockingbird-salami-london-glucose
File name:i686
Download: download sample
Signature Mirai
Create hunting rule
File size:115'996 bytes
First seen:2025-12-02 17:23:58 UTC
Last seen:2025-12-02 19:19:01 UTC
File type: elf
MIME type:application/x-sharedlib
ssdeep 1536:EakoV5eKAqAD1WcuExlypmneMQpb/QUy1XuxwEvFwVdrPxCyZqgJ9saUBeaorSCX:lUq2WgxQmneBbA+TcrPxBjJCaUBQSCX
TLSH T159B35A48F787C1F0F68395B1012BD7B72A748926A026FAD5FF893771F8326529D1A21C
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
3
# of downloads :
32
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Gathering data
Result
Gathering data
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/7cfa3793-ff72-4054-a126-959144b34cbc
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1824706
Signature
Antivirus / Scanner detection for submitted sample
Opens /sys/class/net/* files useful for querying network interface information
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1824706 Sample: i686.elf Startdate: 02/12/2025 Architecture: LINUX Score: 52 15 178.62.42.170, 8001 DIGITALOCEAN-ASNUS European Union 2->15 17 68.183.12.122, 8001 DIGITALOCEAN-ASNUS United States 2->17 19 Antivirus / Scanner detection for submitted sample 2->19 8 i686.elf 2->8         started        signatures3 process4 process5 10 i686.elf 8->10         started        signatures6 21 Opens /sys/class/net/* files useful for querying network interface information 10->21 13 i686.elf 10->13         started        process7
Score:
89%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/fbcc42e851e7348f826b49a2b2803eb116c5df0d97cbc9e80f8d4763d859adde
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fbcc42e851e7348f826b49a2b2803eb116c5df0d97cbc9e80f8d4763d859adde/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-12-02 17:07:25 UTC
File Type:
ELF32 Little (SO)
AV detection:
3 of 36 (8.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7pgef2cr442i7atljgrlfab6welmlxyns7f4t2aprvdwhwczvxpa._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery linux
Link:
https://tria.ge/reports/251202-vy21esvpfw/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Changes its process name
Enumerates running processes
Reads MAC address of network interface
Reads network interface configuration
Renames itself
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/37aa74dc-2299-43d8-9ffe-351fe6541c7d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf fbcc42e851e7348f826b49a2b2803eb116c5df0d97cbc9e80f8d4763d859adde

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3723481/
  
Delivery method
Distributed via web download

Comments