MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 119df3d994ea01cccc3751df3a7e674eee90cb2d1dce492f1e027542e9a544eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	119df3d994ea01cccc3751df3a7e674eee90cb2d1dce492f1e027542e9a544eb
SHA3-384 hash:	4cd24da0d01d1e9e5bb695252a2ebbc2f170369d7cbfbcdb1f85345a754090af523264592ad51ce4a7afc3dff52fb081
SHA1 hash:	3ea5e58cadcd03e6ca95118571d191db1cb2ebc5
MD5 hash:	fa1253def33a06e0f6d5050704aa1334
humanhash:	beryllium-blue-crazy-six
File name:	boatnet.arm5
Download:	download sample
Signature	Mirai Create hunting rule
File size:	22'244 bytes
First seen:	2025-11-01 03:56:20 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	384:zOTec4Qq28dNSrGxwmI+mCsOWbckgtUdyismYi2jvjhymdGUop5hX2:zOizQq28CrGxKCP/ky68Ls3UozJ2
TLSH	T177A2D0A2D29396B1D2508936EB7C88926ED0CBBDF3FB30B3103141D611C5A9646FA1D4
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai UPX

UPX packed

This file is packed with UPX. We have therefore unpacked the file. Below is furhter information about the unpacked (de-compressed) file.

File size (compressed) :	22'244 bytes
File size (de-compressed) :	63'820 bytes
Format:	linux/arm
Unpacked file:	c992b16ef8cb31fb7998cff5c7d1ce665830d4b6cdae11c48d6758fdb1f26690

Intelligence

File Origin

# of uploads :

# of downloads :

102

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Mirai-18.UNOFFICIAL

Unix.Trojan.Mirai-8274771-0

Result

Verdict:

Malware

Maliciousness:

Gathering data

Verdict:

Malicious

File Type:

elf.32.le

First seen:

2025-10-06T23:19:00Z UTC

Last seen:

2025-11-01T10:18:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/119df3d994ea01cccc3751df3a7e674eee90cb2d1dce492f1e027542e9a544eb/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/45608f02-a23a-4679-9282-75f738bc71ba

Behavior Graph:

Download SVG

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/23f6e1fe-8e76-4972-9dda-70ade2b7ae58

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1806154

Signature

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/119df3d994ea01cccc3751df3a7e674eee90cb2d1dce492f1e027542e9a544eb

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/119df3d994ea01cccc3751df3a7e674eee90cb2d1dce492f1e027542e9a544eb/

Threat name:

Linux.Backdoor.Mirai

Status:

Malicious

First seen:

2025-10-07 05:06:25 UTC

File Type:

ELF32 Little (Exe)

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cgo7hwmu5ia4ztbxkhptu7thj3xjbszndxhesly6aj2uf2nfitvq._file

Result

Malware family:

n/a

Score:

5/10

Tags:

upx

Link:

https://tria.ge/reports/251101-ehqdpacs4h/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/119df3d994ea01cccc3751df3a7e674eee90cb2d1dce492f1e027542e9a544eb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.