MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1da8cb5ae6ce618ec8d790e052802f5ccd880f0c84ce5ba9364df366640fe485. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1da8cb5ae6ce618ec8d790e052802f5ccd880f0c84ce5ba9364df366640fe485
SHA3-384 hash: e1b4366ef21c08a51145540183a0abefadb801eb892517c22386d00ef2ae1ed3d0c89c6f1e4e6c359b19b1ca76a55a11
SHA1 hash: 00e8fbcaeae6f3ae0f9f68bc980aac20131c32bb
MD5 hash: 3d783fe4c226282ffa5a9e58a79cf785
humanhash: twenty-solar-zebra-two
File name:mpsl
Download: download sample
Signature Mirai
Create hunting rule
File size:46'684 bytes
First seen:2026-06-01 11:13:20 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:YvNqQjJge6Pb7KY1aKzD+o6l5V87aFeuDFNQ6T3k5anZrXKWiB:Y17Jl6Pnv1C5VOHy93trXqB
TLSH T15B23E09BDC605545CBEEAC357CBC43A55E20348A33FA97198B408E813AB584B68DC4FD
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter BlinkzSec
Tags:mirai UPX
File size (compressed) :46'684 bytes
File size (de-compressed) :122'272 bytes
Format:linux/mipsel
Unpacked file: 71b24afdf8c4e0c5b9d43446643f5140a0e025694558a44f1c260e0d0dcaf8e5

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
RO RO
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/5936b18c-194e-4398-a812-456fc43b3f55/
Detection(s):
SecuriteInfo.com.Linux.Mirai-20.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sends data to a server
DNS request
Runs as daemon
Substitutes an application name
Traces processes
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
packed upx
Link:
https://www.filescan.io/uploads/6a1d6996099ef368af12e1e0/reports/0672ac37-979b-4afb-a43f-155eb96162b0/overview
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2026-05-30T10:30:00Z UTC
Last seen:
2026-06-03T04:26:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/1da8cb5ae6ce618ec8d790e052802f5ccd880f0c84ce5ba9364df366640fe485/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/8eec7864-2e79-4e1c-9858-84703d1b0654
Behavior Graph:
Download SVG
%3 guuid=13bfd30c-1b00-0000-d75b-e06c750b0000 pid=2933 /usr/bin/sudo guuid=3c108610-1b00-0000-d75b-e06c760b0000 pid=2934 /tmp/sample.bin guuid=13bfd30c-1b00-0000-d75b-e06c750b0000 pid=2933->guuid=3c108610-1b00-0000-d75b-e06c760b0000 pid=2934 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c4c33a29-bab5-4ea7-afbc-19be9b00b445
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/1da8cb5ae6ce618ec8d790e052802f5ccd880f0c84ce5ba9364df366640fe485
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1da8cb5ae6ce618ec8d790e052802f5ccd880f0c84ce5ba9364df366640fe485/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-05-30 18:33:24 UTC
File Type:
ELF32 Little (Exe)
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dwumwwxgzzqy5sgxsdqffabpltgyqdymqthfxkjwjxzwmzap4scq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet credential_access discovery upx
Link:
https://tria.ge/reports/260601-nbpy1shx7x/
Behaviour
Reads runtime system information
Changes its process name
Reads process memory
Enumerates running processes
Traces itself
Family: Mirai
Malware Config
C2 Extraction:
idknotherefucku.followz.st
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1da8cb5ae6ce618ec8d790e052802f5ccd880f0c84ce5ba9364df366640fe485

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 1da8cb5ae6ce618ec8d790e052802f5ccd880f0c84ce5ba9364df366640fe485

(this sample)

Mirai

elf 71b24afdf8c4e0c5b9d43446643f5140a0e025694558a44f1c260e0d0dcaf8e5

  
URLhaus
https://urlhaus.abuse.ch/url/3856994/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 71b24afdf8c4e0c5b9d43446643f5140a0e025694558a44f1c260e0d0dcaf8e5
  
Dropping
MD5 849f395985414ba646dc78ee750ed89d

Comments