# MalwareBazaar – 04.04.2026 22:34 UTC

This run found **18 new samples** (out of 100 checked).

> ⭐ **Weekly sample active:** `5ea579e8fa695b2312ed…` is tracked continuously this week.

---

## Overview

| | |
|---|---|
| New samples | **19** |
| Critical (≥75) | **14** |
| Highest score | **84.4/100** – 3ef977021623a269… |
| Most common family | **Mirai** (13x) |
| Most common type | **elf** (12x) |
| Main platform | **Linux** |
| VT-enriched | 5 samples |
| MITRE-mapped | 14 samples |
| Avg. file size | 0.63 MB (σ=1.85) |

## File types

| Type | Count | Share |
|-----|--------|--------|
| `elf` | 12 | 63.2%  ████████████ |
| `exe` | 3 | 15.8%  ███ |
| `sh` | 2 | 10.5%  ██ |
| `unknown` | 1 | 5.3%  █ |
| `msi` | 1 | 5.3%  █ |

## Families / Signatures

| # | Family | Count | Share |
|---|---------|--------|--------|
| 1 | Mirai | 13 | 68.4% |
| 2 | unknown | 2 | 10.5% |
| 3 | ValleyRAT | 2 | 10.5% |
| 4 | EternalRocks | 1 | 5.3% |
| 5 | OffLoader | 1 | 5.3% |

## Classification

> Detection logic: (1) signature lookup → (2) tag keywords → (3) VT data → (4) file-type heuristic

| Category | Count | Share | Confidence |
|-----------|--------|--------|-----------|
| Botnet/IoT | 13 | 68.4% | 95% |
| Other / Unknown | 2 | 10.5% | 20% |
| Loader | 2 | 10.5% | 75% |
| RAT | 1 | 5.3% | 75% |
| Trojan | 1 | 5.3% | 65% |

## Risk score

> **VT detection: LOW rate = DANGEROUS** (malware is evasive, barely detected)
> Formula (with VT):  `R = (0.35·Severity + 0.30·Signal strength + 0.25·Evasiveness + 0.10·Recency) × 100`
> Evasiveness = `1 - VT_Rate` → 1/70 detected → s_det = 0.986 (maximally evasive = dangerous)

| Level | Samples | Share |
|-------|---------|--------|
| 🔴 CRITICAL | 14 | 73.7% |
| 🟠 HIGH | 3 | 15.8% |
| 🟡 MEDIUM | 0 | 0.0% |
| 🟢 LOW | 2 | 10.5% |

**Top 10 by score:**

| SHA256 | Family | Cat. | Score | Level | VT rate | Detection quality | Defender |
|--------|---------|------|-------|-------|---------|-------------------|----------|
| [3ef977021623a2…](https://bazaar.abuse.ch/sample/3ef977021623a2699154204ca9e45d33d6c82b41d702f04254abfe21d268d98b/) | Mirai | Botnet/IoT | **84.4** | 🔴 CRITICAL | – | – | ? |
| [af4029c076c70e…](https://bazaar.abuse.ch/sample/af4029c076c70e16d60cc07d811487c62168190f4a0934e8f098be2965812a9a/) | Mirai | Botnet/IoT | **84.2** | 🔴 CRITICAL | – | – | ? |
| [38c20c35dbb057…](https://bazaar.abuse.ch/sample/38c20c35dbb057ce3b8b0f7d05af60d37176158339ca31caae044e0723ac0fe5/) | Mirai | Botnet/IoT | **84.2** | 🔴 CRITICAL | – | – | ? |
| [46211322cdf552…](https://bazaar.abuse.ch/sample/46211322cdf55293bfc9b34f1db8f9fd947ff1d3a0aa9123d15432920ab001fe/) | Mirai | Botnet/IoT | **84.1** | 🔴 CRITICAL | – | – | ? |
| [6f696ecf545ba1…](https://bazaar.abuse.ch/sample/6f696ecf545ba18eb0f4ae12413a36371a1c2eeb7ff83a638909869804450642/) | Mirai | Botnet/IoT | **84.1** | 🔴 CRITICAL | – | – | ? |
| [19c62e4d749a41…](https://bazaar.abuse.ch/sample/19c62e4d749a41b4eb0ac670c5fd9bedfd471ee5541064e52e2a1e9bc20e4a5a/) | Mirai | Botnet/IoT | **84.1** | 🔴 CRITICAL | – | – | ? |
| [d915456f8cbae9…](https://bazaar.abuse.ch/sample/d915456f8cbae999581539ac28856d78e79bc65fa818eddf1912de17cdab6d98/) | Mirai | Botnet/IoT | **84.0** | 🔴 CRITICAL | – | – | ? |
| [2f1aef36cecf1e…](https://bazaar.abuse.ch/sample/2f1aef36cecf1ee47bf3f41eaf48b5c45f2fbf3277e54601c9d537e98cffc881/) | Mirai | Botnet/IoT | **84.0** | 🔴 CRITICAL | – | – | ? |
| [14df0a8f6e7b6f…](https://bazaar.abuse.ch/sample/14df0a8f6e7b6f53be0abec8f4b094498476b548d0530748194b8cfb4471eff1/) | Mirai | Botnet/IoT | **83.8** | 🔴 CRITICAL | – | – | ? |
| [c4f096b50ac4b0…](https://bazaar.abuse.ch/sample/c4f096b50ac4b00583cba6f798cd667f53d0e8c4298b123214528b7ec13a4a99/) | ValleyRAT | RAT | **80.8** | 🔴 CRITICAL | – | – | ? |

### VT detection: what does the rate mean?

> ⚠️ **Low rate ≠ harmless!** Malware that only 1/70 engines detect is highly evasive.
> It is MORE DANGEROUS because it evades antivirus programs.
>
> | Rate | Meaning | Color |
> |------|-----------|-------|
> | < 10% | ⚠️ BARELY DETECTED – maximally evasive | 🔴 RED |
> | 10–40% | 🟡 WEAKLY DETECTED | 🟠 ORANGE |
> | 40–70% | 🟠 MODERATELY DETECTED | 🟡 YELLOW |
> | ≥ 70% | ✅ WELL DETECTED – broad coverage | 🟢 GREEN |

## AV reliability (detection rate per engine)

> Based on all VT results seen so far.
> **Microsoft Defender** is a mandatory check and is always reported explicitly.

**Microsoft Defender (mandatory check):** 84.8% detection rate (648/764 samples detected)

| # | Engine | Detection rate | Detected / Seen |
|---|--------|----------------|-------------------|
| 1 | Microsoft 🛡️ | 84.8% | 648/764 |
| 2 | ESET-NOD32 | 77.6% | 593/764 |
| 3 | Kaspersky | 74.4% | 568/763 |
| 4 | Google | 74.0% | 565/764 |
| 5 | Rising | 69.8% | 533/764 |
| 6 | McAfeeD | 69.4% | 530/764 |
| 7 | Varist | 66.4% | 507/764 |
| 8 | GData | 65.2% | 498/764 |
| 9 | Fortinet | 64.9% | 496/764 |
| 10 | Tencent | 64.8% | 495/764 |
| 11 | Ikarus | 64.5% | 493/764 |
| 12 | Cynet | 63.6% | 486/764 |
| 13 | CTX | 61.8% | 472/764 |
| 14 | Sophos | 61.1% | 467/764 |
| 15 | Elastic | 61.0% | 466/764 |

## Affected platforms

| Platform | Samples | Share |
|-----------|---------|--------|
| 🐧 Linux | 14 | 73.7% |
| 🪟 Windows | 4 | 21.1% |
| ❓ Unknown | 1 | 5.3% |

## Infection vectors

| Vector | Samples | Share |
|--------|---------|--------|
| Unknown / not determinable | 17 | 89.5% |
| C2 / payload retrieval | 1 | 5.3% |
| MaaS loader | 1 | 5.3% |

## Countries of origin

| # | Country | Samples | Share |
|---|------|---------|--------|
| 1 | 🇩🇪 DE | 14 | 73.7% |
| 2 | 🇳🇱 NL | 2 | 10.5% |
| 3 | 🇺🇸 US | 2 | 10.5% |
| 4 | 🌐 Unknown | 1 | 5.3% |

## MITRE ATT&CK

> 14 of 19 samples could be mapped to MITRE techniques.

| Tactic | Affected samples |
|--------|-------------------|
| Initial Access | 13 |
| Lateral Movement | 13 |
| Execution | 1 |
| Persistence | 1 |

<details><summary>3ef977021623a2699154… – Mirai | 🔴 CRITICAL 84.4/100</summary>

| Tactic | Technique | Name |
|--------|---------|------|
| Initial Access | [T1190](https://attack.mitre.org/techniques/T1190/) | Exploit Public-Facing Application |
| Lateral Movement | [T1210](https://attack.mitre.org/techniques/T1210/) | Exploitation of Remote Services |

</details>
<details><summary>af4029c076c70e16d60c… – Mirai | 🔴 CRITICAL 84.2/100</summary>

| Tactic | Technique | Name |
|--------|---------|------|
| Initial Access | [T1190](https://attack.mitre.org/techniques/T1190/) | Exploit Public-Facing Application |
| Lateral Movement | [T1210](https://attack.mitre.org/techniques/T1210/) | Exploitation of Remote Services |

</details>
<details><summary>38c20c35dbb057ce3b8b… – Mirai | 🔴 CRITICAL 84.2/100</summary>

| Tactic | Technique | Name |
|--------|---------|------|
| Initial Access | [T1190](https://attack.mitre.org/techniques/T1190/) | Exploit Public-Facing Application |
| Lateral Movement | [T1210](https://attack.mitre.org/techniques/T1210/) | Exploitation of Remote Services |

</details>
<details><summary>46211322cdf55293bfc9… – Mirai | 🔴 CRITICAL 84.1/100</summary>

| Tactic | Technique | Name |
|--------|---------|------|
| Initial Access | [T1190](https://attack.mitre.org/techniques/T1190/) | Exploit Public-Facing Application |
| Lateral Movement | [T1210](https://attack.mitre.org/techniques/T1210/) | Exploitation of Remote Services |

</details>
<details><summary>6f696ecf545ba18eb0f4… – Mirai | 🔴 CRITICAL 84.1/100</summary>

| Tactic | Technique | Name |
|--------|---------|------|
| Initial Access | [T1190](https://attack.mitre.org/techniques/T1190/) | Exploit Public-Facing Application |
| Lateral Movement | [T1210](https://attack.mitre.org/techniques/T1210/) | Exploitation of Remote Services |

</details>

## VirusTotal

> **Color logic:** 🔴 RED = barely detected (evasive/dangerous), 🟢 GREEN = broadly detected
> **VT focus:** Windows Office (doc/docx/xls/xlsx), ELF (Linux), Windows PE (exe/dll)

### [65c071651912721813fb…](https://bazaar.abuse.ch/sample/65c071651912721813fb80153a9a662de6212aedb6a120d8a2275d2092347aa1/)

- **Family:** Mirai
- **Detected by:** 31 of 76 engines (40.8%)
- **Detection quality:** 🟠 MODERATELY DETECTED
- **Most common name:** Trojan.Linux.Mirai.1
- **VT reputation:** -12
- **Microsoft Defender:** ✓ **YES** – `Trojan.Linux.Mirai.1`

**Detecting engines (31/76):**

| Engine | Detected name |
|--------|----------------|
| ALYac | `Trojan.Linux.Mirai.1` |
| AVG | `ELF:Mirai-BIJ [Trj]` |
| AhnLab-V3 | `Linux/Mirai17.Exp` |
| Antiy-AVL | `Trojan[Backdoor]/Linux.Mirai` |
| Arcabit | `Trojan.Linux.Mirai.1` |
| Avast | `ELF:Mirai-BIJ [Trj]` |
| Avast-Mobile | `ELF:Mirai-CAT [Trj]` |
| BitDefender 🛡️ | `Trojan.Linux.Mirai.1` |
| CTX | `elf.trojan.mirai` |
| ClamAV | `Unix.Trojan.Mirai-9907086-0` |
| Cynet | `Malicious (score: 99)` |
| DrWeb | `Linux.Mirai.9774` |
| ESET-NOD32 | `Linux/Mirai.BZK trojan` |
| Elastic | `Linux.Generic.Threat` |
| Emsisoft | `Trojan.Linux.Mirai.1 (B)` |
| GData | `Linux.Trojan.Mirai.G` |
| Google | `Detected` |
| Ikarus | `Linux.AVI.Bot` |
| Kaspersky | `HEUR:Backdoor.Linux.Mirai.es` |
| Kingsoft | `Linux.Backdoor.elf.2023767` |
| MicroWorld-eScan | `Trojan.Linux.Mirai.1` |
| Microsoft 🛡️ | `Backdoor:Linux/Mirai.GC!MTB` |
| Rising | `Backdoor.Mirai/Linux!1.1056B (CLASSIC)` |
| Sangfor | `Suspicious.Linux.Save.a` |
| SentinelOne | `Static AI - Malicious ELF` |
| Tencent | `Backdoor.Linux.Mirai.wav` |
| TrendMicro | `Backdoor.Linux.MIRAI.SMLBO20` |
| TrendMicro-HouseCall | `Backdoor.Linux.MIRAI.SMLBO20` |
| VIPRE | `Trojan.Linux.Mirai.1` |
| Varist | `E32/Mirai.G.gen!Camelot` |
| huorong | `Trojan/Linux.Mirai.l!crit` |

### [6eeb60e728d5f48609de…](https://bazaar.abuse.ch/sample/6eeb60e728d5f48609de671f8bc6f1498674422eb571b8e53b5fd1172c79301e/)

- **Family:** Mirai
- **Detected by:** 32 of 76 engines (42.1%)
- **Detection quality:** 🟠 MODERATELY DETECTED
- **Most common name:** Trojan.Linux.Mirai.1
- **VT reputation:** -12
- **Microsoft Defender:** ✓ **YES** – `Trojan.Linux.Mirai.1`

**Detecting engines (32/76):**

| Engine | Detected name |
|--------|----------------|
| ALYac | `Trojan.Linux.Mirai.1` |
| AVG | `ELF:Mirai-BIJ [Trj]` |
| AhnLab-V3 | `Linux/Mirai03.Exp` |
| Antiy-AVL | `Trojan[Backdoor]/Linux.Mirai` |
| Arcabit | `Trojan.Linux.Mirai.1` |
| Avast | `ELF:Mirai-BIJ [Trj]` |
| Avast-Mobile | `ELF:Mirai-CAT [Trj]` |
| BitDefender 🛡️ | `Trojan.Linux.Mirai.1` |
| CTX | `elf.trojan.mirai` |
| ClamAV | `Unix.Trojan.Mirai-6981989-0` |
| Cynet | `Malicious (score: 99)` |
| DrWeb | `Linux.Mirai.9774` |
| ESET-NOD32 | `Linux/Mirai.BZK trojan` |
| Elastic | `Linux.Generic.Threat` |
| Emsisoft | `Trojan.Linux.Mirai.1 (B)` |
| Fortinet | `ELF/Mirai.AE!tr` |
| GData | `Trojan.Linux.Mirai.1` |
| Google | `Detected` |
| Ikarus | `Trojan.Linux.Mirai` |
| Kaspersky | `HEUR:Backdoor.Linux.Mirai.es` |
| Kingsoft | `Linux.Backdoor.elf.2023767` |
| MicroWorld-eScan | `Trojan.Linux.Mirai.1` |
| Microsoft 🛡️ | `Backdoor:Linux/Mirai.BO!xp` |
| Rising | `Backdoor.Mirai/Linux!1.1056B (CLASSIC)` |
| Sangfor | `Suspicious.Linux.Save.a` |
| SentinelOne | `Static AI - Malicious ELF` |
| Tencent | `Backdoor.Linux.Mirai.wba` |
| TrendMicro | `Possible_MIRAI.SMLBO21` |
| TrendMicro-HouseCall | `Possible_MIRAI.SMLBO21` |
| VIPRE | `Trojan.Linux.Mirai.1` |
| Varist | `E32/Mirai.DR.gen!Eldorado` |
| huorong | `Trojan/Linux.Mirai.l!crit` |

### [4cac867a75d44338ead9…](https://bazaar.abuse.ch/sample/4cac867a75d44338ead9c0976c35215de1d8c3f5ee6bc400c5734dfca1d7c8f5/)

- **Family:** Mirai
- **Detected by:** 32 of 76 engines (42.1%)
- **Detection quality:** 🟠 MODERATELY DETECTED
- **Most common name:** Trojan.Linux.Mirai.1
- **VT reputation:** -11
- **Microsoft Defender:** ✓ **YES** – `Trojan.Linux.Mirai.1`

**Detecting engines (32/76):**

| Engine | Detected name |
|--------|----------------|
| ALYac | `Trojan.Linux.Mirai.1` |
| AVG | `ELF:Mirai-BIJ [Trj]` |
| AhnLab-V3 | `Linux/Mirai11.Exp` |
| Antiy-AVL | `Trojan[Backdoor]/Linux.Mirai` |
| Arcabit | `Trojan.Linux.Mirai.1` |
| Avast | `ELF:Mirai-BIJ [Trj]` |
| Avast-Mobile | `ELF:Mirai-CAT [Trj]` |
| BitDefender 🛡️ | `Trojan.Linux.Mirai.1` |
| CTX | `elf.trojan.mirai` |
| ClamAV | `Unix.Trojan.Mirai-9907086-0` |
| Cynet | `Malicious (score: 99)` |
| DrWeb | `Linux.Mirai.9774` |
| ESET-NOD32 | `Linux/Mirai.BZK trojan` |
| Elastic | `Linux.Generic.Threat` |
| Emsisoft | `Trojan.Linux.Mirai.1 (B)` |
| Fortinet | `ELF/Mirai.L!tr` |
| GData | `Trojan.Linux.Mirai.1` |
| Google | `Detected` |
| Ikarus | `Trojan.Linux.Gafgyt` |
| Kaspersky | `HEUR:Backdoor.Linux.Mirai.es` |
| Kingsoft | `Linux.Backdoor.elf.2023767` |
| MicroWorld-eScan | `Trojan.Linux.Mirai.1` |
| Microsoft 🛡️ | `Backdoor:Linux/Mirai.FG!MTB` |
| Rising | `Backdoor.Mirai/Linux!1.1056B (CLASSIC)` |
| Sangfor | `Suspicious.Linux.Save.a` |
| SentinelOne | `Static AI - Malicious ELF` |
| Tencent | `Backdoor.Linux.Mirai.waz` |
| TrendMicro | `Possible_MIRAI.SMLBO14` |
| TrendMicro-HouseCall | `Possible_MIRAI.SMLBO14` |
| VIPRE | `Trojan.Linux.Mirai.1` |
| Varist | `E32/Mirai.G.gen!Camelot` |
| huorong | `Trojan/Linux.Mirai.l!crit` |

### [5ee560d056ca8523e499…](https://bazaar.abuse.ch/sample/5ee560d056ca8523e4994dec9b401d8d8aab0cb112d36af2453c9ea93a0e62cb/)

- **Family:** Mirai
- **Detected by:** 32 of 76 engines (42.1%)
- **Detection quality:** 🟠 MODERATELY DETECTED
- **Most common name:** Trojan.Linux.Mirai.1
- **VT reputation:** -13
- **Microsoft Defender:** ✓ **YES** – `Trojan.Linux.Mirai.1`

**Detecting engines (32/76):**

| Engine | Detected name |
|--------|----------------|
| ALYac | `Trojan.Linux.Mirai.1` |
| AVG | `ELF:Mirai-BIJ [Trj]` |
| AhnLab-V3 | `Linux/Mirai09.Exp` |
| Antiy-AVL | `Trojan[Backdoor]/Linux.Mirai` |
| Arcabit | `Trojan.Linux.Mirai.1` |
| Avast | `ELF:Mirai-BIJ [Trj]` |
| Avast-Mobile | `ELF:Mirai-CAT [Trj]` |
| BitDefender 🛡️ | `Trojan.Linux.Mirai.1` |
| CTX | `elf.trojan.mirai` |
| ClamAV | `Unix.Dropper.Mirai-7135957-0` |
| Cynet | `Malicious (score: 99)` |
| DrWeb | `Linux.Mirai.9774` |
| ESET-NOD32 | `Linux/Mirai.BZK trojan` |
| Elastic | `Linux.Generic.Threat` |
| Emsisoft | `Trojan.Linux.Mirai.1 (B)` |
| Fortinet | `ELF/Agent.BA!tr` |
| GData | `Trojan.Linux.Mirai.1` |
| Google | `Detected` |
| Ikarus | `Trojan.Linux.Multiverze` |
| Kaspersky | `HEUR:Backdoor.Linux.Mirai.es` |
| Kingsoft | `Linux.Backdoor.elf.2023767` |
| MicroWorld-eScan | `Trojan.Linux.Mirai.1` |
| Microsoft 🛡️ | `Backdoor:Linux/Mirai.BL!xp` |
| Rising | `Backdoor.Mirai/Linux!1.1056B (CLASSIC)` |
| Sangfor | `Suspicious.Linux.Save.a` |
| SentinelOne | `Static AI - Malicious ELF` |
| Tencent | `Backdoor.Linux.Mirai.was` |
| TrendMicro | `Possible_MIRAI.SMLBO21` |
| TrendMicro-HouseCall | `Possible_MIRAI.SMLBO21` |
| VIPRE | `Trojan.Linux.Mirai.1` |
| Varist | `E32/Mirai.G.gen!Camelot` |
| huorong | `Trojan/Linux.Mirai.l!crit` |

### [5ea579e8fa695b2312ed…](https://bazaar.abuse.ch/sample/5ea579e8fa695b2312ed199ff228784e4be3a8f3319afa18c40955f926336057/) ⭐ **WEEKLY SAMPLE**

- **Family:** ValleyRAT
- **Detected by:** 40 of 76 engines (52.6%)
- **Detection quality:** 🟠 MODERATELY DETECTED
- **Most common name:** Gen:Variant.Giant.Midie.604
- **VT reputation:** -12
- **Microsoft Defender:** ✓ **YES** – `Trojan:Win32/Wacatac.B!ml`

**Detecting engines (40/76):**

| Engine | Detected name |
|--------|----------------|
| ALYac | `Gen:Variant.Giant.Midie.604` |
| APEX | `Malicious` |
| AhnLab-V3 | `Trojan/Win.Injector.X2247` |
| Alibaba | `Trojan:Win64/Aotera.3ed55e58` |
| Antiy-AVL | `Trojan/Win64.Aotera` |
| Arcabit | `Trojan.Giant.Midie.604` |
| CAT-QuickHeal | `cld.trojan.win64` |
| CTX | `exe.trojan.aotera` |
| Cylance | `Unsafe` |
| Cynet | `Malicious (score: 99)` |
| DeepInstinct | `MALICIOUS` |
| ESET-NOD32 | `Win64/Aotera.DV trojan` |
| Emsisoft | `Gen:Variant.Giant.Midie.604 (B)` |
| Fortinet | `W64/Aotera.BF!tr` |
| GData | `Gen:Variant.Giant.Midie.604` |
| Google | `Detected` |
| Gridinsoft | `Trojan.Win32.Downloader.sa` |
| Ikarus | `Win32.Outbreak` |
| K7AntiVirus | `Trojan ( 006dbea21 )` |
| K7GW | `Trojan ( 006dbea21 )` |
| Kaspersky | `UDS:Trojan.Win64.Generic` |
| Kingsoft | `Win64.Trojan.Generic.a` |
| Lionic | `Trojan.Win32.Adload.tt1X` |
| Malwarebytes | `Malware.AI.401317728` |
| MaxSecure | `Trojan.Malware.326164669.susgen` |
| McAfeeD | `ti!5EA579E8FA69` |
| MicroWorld-eScan | `Gen:Variant.Giant.Midie.604` |
| Microsoft 🛡️ | `Trojan:Win32/Wacatac.B!ml` |
| Paloalto | `generic.ml` |
| Rising | `Trojan.Aotera!8.1D79F (CLOUD)` |
| Sangfor | `Trojan.Win64.Aotera.Vnvx` |
| Sophos | `Mal/Generic-S` |
| Symantec | `Trojan.Gen.MBT` |
| Tencent | `Win64.Trojan.Generic.Jajl` |
| TrendMicro | `Backdoor.Win32.VALLEYRAT.YXGDAZ` |
| TrendMicro-HouseCall | `Backdoor.Win32.VALLEYRAT.YXGDAZ` |
| VIPRE | `Gen:Variant.Giant.Midie.604` |
| Varist | `W64/Kryptik.NZT.gen!Eldorado` |
| VirIT | `Trojan.Win32.NSISGenT.AGOS` |
| alibabacloud | `Trojan:Win/Aotera.DY` |


## Top Tags

- **Mirai** (13×)
- **elf** (12×)
- **exe** (2×)
- **sh** (2×)
- **RAT** (1×)
- **ValleyRAT** (1×)
- **hailBot** (1×)
- **upx-dec** (1×)
- **upx** (1×)
- **dropped-by-Amadey** (1×)
- **EternalRocks** (1×)
- **fbf543** (1×)
- **msi** (1×)
- **dropped-by-GCleaner** (1×)
- **E** (1×)

## Changes – 24h comparison

- No 24h data available yet.

## Changes – 7d comparison

- No 7d data available yet.

## Statistics

| Metric | Value |
|----------|------|
| Avg. file size | 0.632 MB |
| σ file size | 1.849 MB |
| Avg. risk score | 75.0/100 |
| Avg. classification confidence | 82.4% |
| Samples with VT | 5/19 |
| Samples with MITRE | 14/19 |
| Unique families | 5 |
| Unique tags | 17 |
| Unknown families | 2 (10.5%) |

## Latest samples

| Time (UTC) | SHA256 | Type | Family | Score | VT rate | Detection quality | Country |
|-----------|--------|-----|---------|-------|---------|-------------------|------|
| 22:23 | [3ef977021623…](https://bazaar.abuse.ch/sample/3ef977021623a2699154204ca9e45d33d6c82b41d702f04254abfe21d268d98b/) | `elf` | Mirai | 84.4 | – | – | 🇩🇪DE |
| 22:17 | [65c071651912…](https://bazaar.abuse.ch/sample/65c071651912721813fb80153a9a662de6212aedb6a120d8a2275d2092347aa1/) | `elf` | Mirai | 78.2 | 40.8% | 🟠 MODERATELY DETECTED | 🇩🇪DE |
| 22:11 | [6eeb60e728d5…](https://bazaar.abuse.ch/sample/6eeb60e728d5f48609de671f8bc6f1498674422eb571b8e53b5fd1172c79301e/) | `elf` | Mirai | 77.8 | 42.1% | 🟠 MODERATELY DETECTED | 🇩🇪DE |
| 22:11 | [af4029c076c7…](https://bazaar.abuse.ch/sample/af4029c076c70e16d60cc07d811487c62168190f4a0934e8f098be2965812a9a/) | `elf` | Mirai | 84.2 | – | – | 🇩🇪DE |
| 22:08 | [38c20c35dbb0…](https://bazaar.abuse.ch/sample/38c20c35dbb057ce3b8b0f7d05af60d37176158339ca31caae044e0723ac0fe5/) | `elf` | Mirai | 84.2 | – | – | 🇩🇪DE |

---
*Data: [MalwareBazaar](https://bazaar.abuse.ch) × [VirusTotal](https://virustotal.com) – 04.04.2026 22:34 UTC*