MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 011323a27015402862c40bd58211e58f1c0bab3a25aca6f98abe2fd6303dad66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 4 File information Comments

SHA256 hash:	011323a27015402862c40bd58211e58f1c0bab3a25aca6f98abe2fd6303dad66
SHA3-384 hash:	12aa5b36ccab6b2c283e66d22e9c44e09336d9886f4e16310b39096b4108cfee5fbe776aaa0c31c7032ed8b10f386cea
SHA1 hash:	9385715796a3e4932d0d849d8351d65485336f55
MD5 hash:	bcb2bdc9b080654ec6a25dff7bcf774f
humanhash:	north-maine-friend-asparagus
File name:	nwfaiehg4ewijfgriehgirehaughrarg.arm
Download:	download sample
Signature	Mirai Create hunting rule
File size:	91'948 bytes
First seen:	2026-02-14 02:49:44 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:kU+tmIjkv8P+V/Q4EFi53lMVAb+H1RoeNpV77W1QCg1vvMBYs:kUumEkv8fi5VMVAbe1RoU7qaR
TLSH	T1B5934A55FD819A12C6C112B7FB6E028D372713A8E2EE32039D256F2173CB91B0E7B555
telfhash	t175413fb55f9c0fdc37e58384468e222e5be435fa07007a9a8f0eab5f4492ac2715d432
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 12d3e721fed2446f93fe6b03206d958f13fb9cbe537211fef417d29ed9b25694

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	41'052 bytes
File size (de-compressed) :	91'948 bytes
Format:	linux/arm
Packed file:	12d3e721fed2446f93fe6b03206d958f13fb9cbe537211fef417d29ed9b25694

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

Mirai

Details

Mirai

an XOR decryption key and at least a c2 socket address

Link:

https://research.acce.ciphertechsolutions.com/results/ff813b2a-8aa4-48fa-a4e3-f41af7e30ae2/

Detection(s):

Unix.Trojan.Mirai-10056451-0

Unix.Trojan.Mirai-10056463-0

Unix.Trojan.Mirai-10057788-0

Unix.Trojan.Mirai-10058922-0

Unix.Trojan.Mirai-10059005-0

Unix.Trojan.Mirai-10059006-0

Unix.Trojan.Mirai-10059216-0

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

masquerade mirai rust

Link:

https://www.filescan.io/uploads/698fe2fb930564ff3ca08960/reports/64bdbd45-4a1e-4b11-978a-0bc87a478884/overview

Result

Gathering data

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/057f813c-dbfa-428e-aff3-02a3a5e495b3

Behavior Graph:

Download SVG

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/1b7d0467-2be0-4754-a9d5-6f71e97f7472

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj.evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1869458

Signature

Deletes system log files

Manipulation of devices in /dev

Multi AV Scanner detection for submitted file

Uses dynamic DNS services

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/011323a27015402862c40bd58211e58f1c0bab3a25aca6f98abe2fd6303dad66

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/011323a27015402862c40bd58211e58f1c0bab3a25aca6f98abe2fd6303dad66/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2026-02-14 02:51:01 UTC

File Type:

ELF32 Little (Exe)

AV detection:

17 of 36 (47.22%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=aejshitqcvacqywebpkyeepfr4oaxkz2ewwkn6mkxyx5mmb5vvta._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai

Link:

https://tria.ge/reports/260214-dbywtafy9f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/011323a27015402862c40bd58211e58f1c0bab3a25aca6f98abe2fd6303dad66

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data

Rule name:	Linux_Generic_Threat_d94e1020 Create hunting rule
Author:	Elastic Security

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 12d3e721fed2446f93fe6b03206d958f13fb9cbe537211fef417d29ed9b25694

Mirai

elf 011323a27015402862c40bd58211e58f1c0bab3a25aca6f98abe2fd6303dad66

(this sample)

Dropped by

SHA256 12d3e721fed2446f93fe6b03206d958f13fb9cbe537211fef417d29ed9b25694

URLhaus

https://urlhaus.abuse.ch/url/3777550/

Delivery method

Distributed via web download

Dropped by

MD5 c8207143791287a0b48b2e004b3366eb

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample