MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdcae3ec12b5cbf0db705c529870850bab2b3b9531359da41c36cd84d4f43fce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdcae3ec12b5cbf0db705c529870850bab2b3b9531359da41c36cd84d4f43fce
SHA3-384 hash: a69dab1ed8af565f393cb1880dab9f24b1fcdd5e22dc8c917ebeb09b6ef5f0dea60c5b7aedd43ecefb21e4cf7dee484b
SHA1 hash: 3456c8968fac7a710a331a298a09a5c4f072750e
MD5 hash: f0fbbc48f3b2b7a9c689cdc4006abbe8
humanhash: one-seventeen-beer-potato
File name:ocarm6nk
Download: download sample
Signature Mirai
Create hunting rule
File size:168'092 bytes
First seen:2025-07-20 03:48:43 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 3072:a5tW0AC8iB2mZbdiXV3cOKFdNd+Av40X7azaDh/0GP:riZZ8XVc1v+mL7aza1/0o
TLSH T111F30A46F8819B15D5D615BAFE0E128E33231B78E3DE73029D246F307B8A87B0E7A515
telfhash t118f07d56cf4d0acccbc2c44c949da00942ac70da2b75101baf69a61e4e124d43a1e568
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 faabe593773a753322b1e5c73779d065924ed94788ac06fa8022d82674951535
File size (compressed) :63'548 bytes
File size (de-compressed) :168'092 bytes
Format:linux/arm
Packed file: faabe593773a753322b1e5c73779d065924ed94788ac06fa8022d82674951535

Intelligence

File Origin
# of uploads :
1
# of downloads :
19
Origin country :
NL NL
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
expand lolbin remote
Link:
https://www.filescan.io/uploads/687c67498a7d628a81b8124a/reports/8534a727-ae7d-4778-bb00-8ae0ac387601/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/fdcae3ec12b5cbf0db705c529870850bab2b3b9531359da41c36cd84d4f43fce
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/99cf9b89-eccc-4c8f-b8ee-053b3789407b
Behavior Graph:
Download SVG
%3 guuid=b3dca386-1800-0000-a908-8c28a9060000 pid=1705 /usr/bin/sudo guuid=6d0d2089-1800-0000-a908-8c28b1060000 pid=1713 /tmp/sample.bin guuid=b3dca386-1800-0000-a908-8c28a9060000 pid=1705->guuid=6d0d2089-1800-0000-a908-8c28b1060000 pid=1713 execve
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/71c99e78-9083-41c6-8929-ce9ab14a07b3
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1740300
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/fdcae3ec12b5cbf0db705c529870850bab2b3b9531359da41c36cd84d4f43fce
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fdcae3ec12b5cbf0db705c529870850bab2b3b9531359da41c36cd84d4f43fce/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-07-20 03:49:29 UTC
File Type:
ELF32 Little (Exe)
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7xfoh3aswxf7bw3qlrjjq4efbovswo4vge2z3ja4g3gyjvhuh7ha._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/250720-edjeksvnw4/
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-9441505-0
YARA:
n/a
Link:
https://app.threat.zone/submission/4c1f1694-7614-4698-9edb-416caac21f09
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fdcae3ec12b5cbf0db705c529870850bab2b3b9531359da41c36cd84d4f43fce

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202503_elf_Mirai
Create hunting rule
Author:abuse.ch
Description:Detects Mirai 'TSource' ELF files
Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf faabe593773a753322b1e5c73779d065924ed94788ac06fa8022d82674951535

Mirai

elf fdcae3ec12b5cbf0db705c529870850bab2b3b9531359da41c36cd84d4f43fce

(this sample)

  
Dropped by
SHA256 faabe593773a753322b1e5c73779d065924ed94788ac06fa8022d82674951535
  
URLhaus
https://urlhaus.abuse.ch/url/3586080/
  
Delivery method
Distributed via web download
  
Dropped by
MD5 6e8907b365c608aa5dc06f062de7be2c

Comments