Trojan:Linux/Mirai.A!xg - ThreatCheck.sh

user@threatcheck.sh ~ threat-analysis

bash

$ analyze-threat Trojan:Linux/Mirai.A!xg

Trojan:Linux/Mirai.A!xg - Windows Defender threat signature analysis

$ cat analysis.txt

=== THREAT ANALYSIS REPORT ===

Threat Name: Trojan:Linux/Mirai.A!xg

Classification:

Type:Trojan

Platform:Linux

Family:Mirai

Detection Type:Concrete

Known malware family with identified signatures

Variant:A

Specific signature variant within the malware family

Suffix:!xg

Confidence:Very High

False-Positive Risk:Low

Concrete signature match: Trojan - Appears legitimate but performs malicious actions for Linux platform, family Mirai

Summary:

Trojan:Linux/Mirai.A!xg is a concrete detection of a Mirai botnet variant primarily designed to infect Linux-based devices, particularly IoT, to incorporate them into a botnet. Infected systems are used to launch distributed denial-of-service (DDoS) attacks and other malicious activities. The presence of Windows-specific strings like `msinfo.exe` and `schtasks` commands could suggest multi-platform capabilities, a complex infection chain involving Windows hosts, or an attempt to clean up traces in a mixed environment.

Severity:

Critical

VDM Static Detection:

Relevant strings associated with this threat:
 - /ver.txt (PEHSTR_EXT)
 - /update.txt (PEHSTR_EXT)
 - http://%s:8888/ (PEHSTR_EXT)
 - \msinfo.exe (PEHSTR_EXT)
 - /delete /f /tn msinfo (PEHSTR_EXT)
 - |#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
 - }#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
 - &|#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
 - &}#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
 - y*|#56a863a9-875e-4185-98a7-b882c64b5ce5 (NID)
 - y*}#56a863a9-875e-4185-98a7-b882c64b5ce5 (NID)
 - C|#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
 - C}#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
 - L|#3b576869-a4ec-4529-8536-b80a7769e899 (NID)
 - L}#3b576869-a4ec-4529-8536-b80a7769e899 (NID)
 - |#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
 - }#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
 - |#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
 - }#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
 - |#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
 - }#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
 - |#7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c (NID)
 - }#7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c (NID)
 - |#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)
 - }#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)

Known malware which is associated with this threat:

Filename: Mercury.ppc

7d97ed27edfab9ca8e2c729a2bf6970890561bb893cbeaace55f00e9cd4b3d2e

13/12/2025

→VirusTotal ↓Download Sample

Remediation Steps:

Immediately isolate the affected system to prevent botnet participation and further compromise. Perform a full system scan with updated antivirus software to ensure complete eradication. Identify and patch all underlying vulnerabilities (e.g., weak credentials, unpatched firmware/software) that allowed the initial infection. Finally, review network logs and monitor for suspicious outbound connections and C2 activity.

=== END REPORT ===

$ reanalyze-threat

This analysis was last updated on 13/12/2025. Do you want to analyze it again?

$ ls available-commands/

→ cd /home

user@threatcheck.sh:~$ ▊

Trojan:Linux/Mirai.A!xg - Windows Defender Threat Analysis