MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e1e849fc65cd435d469dcfea490d2481eff33e553e0960cd9e0456ae50c0bf9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e1e849fc65cd435d469dcfea490d2481eff33e553e0960cd9e0456ae50c0bf9
SHA3-384 hash: c7a04ca3574ce20d600b4f4c558521712b4cba46b241d6da32eb88045a0853361e81d7d8b56dba77dd0292ccffdb5312
SHA1 hash: 4b3b8d187bac7e5ede2675c1061a5d6aa2a501ea
MD5 hash: 18873e53e3eec847e2c3cb1f51b947a6
humanhash: friend-delaware-california-august
File name:db0fa4b8db0333367e9bda3ab68b8042.arm5
Download: download sample
Signature Mirai
Create hunting rule
File size:29'796 bytes
First seen:2025-11-25 06:45:14 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 384:ZrCWVPx1ywaPPtxGJPRGdyl0yYzA8yktL/2ZzIPasfHzRMOjEEImdGU5Ezr:FlzyrdxG6Yz8yyZPasfTRZED3Uor
TLSH T1F7D2D0728A927032C9B237B3E7F5558C268D4BF0AAD25067672863798D190C9E3FE447
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf gafgyt UPX
File size (compressed) :29'796 bytes
File size (de-compressed) :72'112 bytes
Format:linux/arm
Unpacked file: 09fde96be3d71a97562e74640c5765e7d7cc9f743610be7387e852d778939cee

Intelligence

File Origin
# of uploads :
1
# of downloads :
123
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Unix.Trojan.Mirai-9894781-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
UPX
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/2e1e849fc65cd435d469dcfea490d2481eff33e553e0960cd9e0456ae50c0bf9
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-11-25T04:18:00Z UTC
Last seen:
2025-11-25T16:05:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/2e1e849fc65cd435d469dcfea490d2481eff33e553e0960cd9e0456ae50c0bf9/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/f3825e2f-f331-4c77-8e04-423b6e930420
Behavior Graph:
Download SVG
%3 guuid=64120bcf-1900-0000-21e5-f775700c0000 pid=3184 /usr/bin/sudo guuid=d0d8c4d0-1900-0000-21e5-f775770c0000 pid=3191 /tmp/sample.bin guuid=64120bcf-1900-0000-21e5-f775700c0000 pid=3184->guuid=d0d8c4d0-1900-0000-21e5-f775770c0000 pid=3191 execve
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/690a9419-4798-4fa2-aebf-3c4815a748da
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1820361
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/2e1e849fc65cd435d469dcfea490d2481eff33e553e0960cd9e0456ae50c0bf9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2e1e849fc65cd435d469dcfea490d2481eff33e553e0960cd9e0456ae50c0bf9/
Threat name:
Linux.Backdoor.Gafgyt
Create hunting rule
Status:
Malicious
First seen:
2025-11-25 06:45:47 UTC
File Type:
ELF32 Little (Exe)
AV detection:
22 of 38 (57.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fypijh6gltkdlvdj3t7kjegsjapp6m7fkpqjmdgz4bcwvzimbp4q._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
upx
Link:
https://tria.ge/reports/251125-hjfgnaxray/
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-9894781-0
YARA:
n/a
Link:
https://app.threat.zone/submission/1aa978fa-32bb-4333-9b4a-8dfd884209fa
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2e1e849fc65cd435d469dcfea490d2481eff33e553e0960cd9e0456ae50c0bf9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 2e1e849fc65cd435d469dcfea490d2481eff33e553e0960cd9e0456ae50c0bf9

(this sample)

Mirai

elf 09fde96be3d71a97562e74640c5765e7d7cc9f743610be7387e852d778939cee

  
URLhaus
https://urlhaus.abuse.ch/url/3669728/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 09fde96be3d71a97562e74640c5765e7d7cc9f743610be7387e852d778939cee
  
Dropping
MD5 4541ca0d64668a28bd4a9198a369aa96
  
URLhaus
https://urlhaus.abuse.ch/url/3669706/
  
URLhaus
https://urlhaus.abuse.ch/url/3716491/

Comments