File mirai.mips

Size 82.0KB
Type ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
MD5 a7b04a092ef4c3c79a79879728994b60
SHA1 c92cfb23fc3b24c1e0b60877bee81e20a0b7a6a2
SHA256 563203b7968388bd728cdf3c8a211e534a1255b30d945f3025633c59f70cb685
SHA512 9b42b3eb62f578786d9715ce78af62301339b21771b7895100aa19c024c2115d2cf4181d518c379ead8e5a13dcfd57db48354dad042fe4c5bdfdb0faa24d71a6
CRC32 8AE7282E
ssdeep None
Yara
  • Mirai_Botnet_Malware - Detects Mirai Botnet Malware
  • MAL_ELF_LNX_Mirai_Oct10_2 - Detects ELF malware Mirai related
  • CrowdStrike_CSIT_16121_01 - Detection for Mirai Linux DDOS bot

Score

This file is very suspicious, with a score of 10 out of 10!

Please note: the scoring system is still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started July 6, 2025, 1:24 p.m.
Completed July 6, 2025, 1:26 p.m.
Duration 95 seconds
Routing internet

Analyzer Log

2025-07-06 13:23:09,002 [root] DEBUG: Starting analyzer from: /tmp/tmpN2vKcQ
2025-07-06 13:23:09,002 [root] DEBUG: Storing results at: /tmp/cQyQpXwK
2025-07-06 13:23:11,171 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-07-06 13:23:11,176 [modules.auxiliary.human] INFO: Human started v0.02
2025-07-06 13:23:11,680 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-07-06 13:23:18,088 [lib.core.packages] INFO: Process startup took 6.40 seconds
2025-07-06 13:23:18,088 [root] INFO: Added new process to list with pid: 3838
2025-07-06 13:23:24,101 [root] INFO: Process with pid 3838 has terminated
2025-07-06 13:23:24,103 [root] INFO: Process list is empty, terminating analysis.
2025-07-06 13:23:27,106 [lib.core.packages] INFO: Package requested stop
2025-07-06 13:23:27,108 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2025-07-06 13:24:29,827 [cuckoo.core.scheduler] DEBUG: Task #6658945: no machine available yet
2025-07-06 13:24:30,849 [cuckoo.core.scheduler] DEBUG: Task #6658945: no machine available yet
2025-07-06 13:24:31,872 [cuckoo.core.scheduler] DEBUG: Task #6658945: no machine available yet
2025-07-06 13:24:32,892 [cuckoo.core.scheduler] DEBUG: Task #6658945: no machine available yet
2025-07-06 13:24:33,918 [cuckoo.core.scheduler] DEBUG: Task #6658945: no machine available yet
2025-07-06 13:24:35,038 [cuckoo.core.scheduler] DEBUG: Task #6658945: no machine available yet
2025-07-06 13:24:36,068 [cuckoo.core.scheduler] DEBUG: Task #6658945: no machine available yet
2025-07-06 13:24:37,099 [cuckoo.core.scheduler] INFO: Task #6658945: acquired machine Ubuntu1904x644 (label=Ubuntu1904x644)
2025-07-06 13:24:37,100 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.104 for task #6658945
2025-07-06 13:24:37,527 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1011355 (interface=vboxnet0, host=192.168.168.104)
2025-07-06 13:24:37,548 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x644
2025-07-06 13:24:38,225 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x644 to Snapshot
2025-07-06 13:24:48,094 [cuckoo.core.guest] INFO: Starting analysis #6658945 on guest (id=Ubuntu1904x644, ip=192.168.168.104)
2025-07-06 13:24:49,099 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: not ready yet
2025-07-06 13:24:54,126 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x644, ip=192.168.168.104)
2025-07-06 13:24:54,149 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x644, ip=192.168.168.104, monitor=latest, size=73219)
2025-07-06 13:24:55,381 [cuckoo.core.resultserver] DEBUG: Task #6658945: live log analysis.log initialized.
2025-07-06 13:25:03,536 [cuckoo.core.resultserver] DEBUG: Task #6658945: File upload for 'shots/0001.jpg'
2025-07-06 13:25:03,556 [cuckoo.core.resultserver] DEBUG: Task #6658945 uploaded file length: 171485
2025-07-06 13:25:09,401 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: analysis #6658945 still processing
2025-07-06 13:25:13,506 [cuckoo.core.resultserver] DEBUG: Task #6658945: File upload for 'logs/all.stap'
2025-07-06 13:25:13,510 [cuckoo.core.resultserver] DEBUG: Task #6658945 uploaded file length: 58814
2025-07-06 13:25:24,673 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: analysis #6658945 still processing
2025-07-06 13:25:39,889 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: analysis #6658945 still processing
2025-07-06 13:25:55,012 [cuckoo.core.guest] INFO: Ubuntu1904x644: end of analysis reached!
2025-07-06 13:25:55,029 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-06 13:25:55,056 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-06 13:25:56,032 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x644 to path /srv/cuckoo/cwd/storage/analyses/6658945/memory.dmp
2025-07-06 13:25:56,033 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x644
2025-07-06 13:26:04,316 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.104 for task #6658945
2025-07-06 13:26:04,317 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6658945
2025-07-06 13:26:04,644 [cuckoo.core.scheduler] DEBUG: Released database task #6658945
2025-07-06 13:26:04,660 [cuckoo.core.scheduler] INFO: Task #6658945: analysis procedure completed

Signatures

Yara rules detected for file (3 events)
description Detects Mirai Botnet Malware rule Mirai_Botnet_Malware
description Detects ELF malware Mirai related rule MAL_ELF_LNX_Mirai_Oct10_2
description Detection for Mirai Linux DDOS bot rule CrowdStrike_CSIT_16121_01
File has been identified by 14 AntiVirus engines on IRMA as malicious (14 events)
G Data Antivirus (Windows) Virus: Trojan.Linux.Mirai.1 (Engine A), Linux.Trojan.Mirai.B (Engine B)
Avast Core Security (Linux) ELF:Mirai-A [Trj]
C4S ClamAV (Linux) Unix.Trojan.Mirai-7100807-0
Trend Micro SProtect (Linux) ELF_MIRAI.SM
Trellix (Linux) Linux/Mirai.a trojan
WithSecure (Linux) Malware.LINUX/Mirai.bonb
eScan Antivirus (Linux) Trojan.Linux.Mirai.1(DB)
ESET Security (Windows) a variant of Linux/Mirai.A trojan
Sophos Anti-Virus (Linux) Linux/DDoS-CI
DrWeb Antivirus (Linux) Linux.Siggen.9999
ClamAV (Linux) Unix.Trojan.Mirai-7100807-0
Bitdefender Antivirus (Linux) Trojan.Linux.Mirai.1
Kaspersky Standard (Windows) HEUR:Backdoor.Linux.Mirai.n
Emsisoft Commandline Scanner (Windows) Trojan.Linux.Mirai.1 (B)
File has been identified by 37 AntiVirus engines on VirusTotal as malicious (37 events)
Cynet Malicious (score: 99)
CTX elf.trojan.mirai
Skyhigh Linux/Mirai.a
ALYac Trojan.Linux.Mirai.1
VIPRE Trojan.Linux.Mirai.1
Sangfor Suspicious.Linux.Save.a
Arcabit Trojan.Linux.Mirai.1
Symantec Linux.Mirai
ESET-NOD32 a variant of Linux/Mirai.A
TrendMicro-HouseCall ELF_MIRAI.SM
Avast ELF:Mirai-A [Trj]
ClamAV Unix.Trojan.Mirai-7100807-0
Kaspersky HEUR:Backdoor.Linux.Mirai.n
BitDefender Trojan.Linux.Mirai.1
MicroWorld-eScan Trojan.Linux.Mirai.1
Rising Backdoor.Mirai/Linux!1.AA81 (CLASSIC)
Emsisoft Trojan.Linux.Mirai.1 (B)
F-Secure Malware.LINUX/Mirai.bonb
DrWeb Linux.Siggen.9999
TrendMicro ELF_MIRAI.SM
Sophos Linux/DDoS-CI
Ikarus Trojan.Linux.Mirai
Avast-Mobile ELF:Mirai-DN [Trj]
Google Detected
Avira LINUX/Mirai.bonb
Gridinsoft Susp.U.XOREncoded.sd!yf
Microsoft Backdoor:Linux/Mirai.B
ZoneAlarm Linux/DDoS-CI
GData Linux.Trojan.Mirai.B
Varist E32/Mirai.G.gen!Camelot
AhnLab-V3 Linux/Mirai.Gen
Tencent Backdoor.Linux.Mirai.wao
TrellixENS Linux/Mirai.a
huorong Trojan/Linux.Mirai.g
MaxSecure Trojan.Malware.121218.susgen
Fortinet ELF/Mirai.B!tr
AVG ELF:Mirai-A [Trj]
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.