MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e81594a355ea6d26e244d624ec76f9382eb7a7fd15513cd4c269343d3e5a05d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e81594a355ea6d26e244d624ec76f9382eb7a7fd15513cd4c269343d3e5a05d
SHA3-384 hash: 3865429ad08cd199a3123d1de091ebfbe4a32f2ff3bb8c63d512d2cd11d7692f41bee1090e4d3ff28274a1234843f66e
SHA1 hash: 166d2f21f1f6d7000294f9ca36cb01406747ab3a
MD5 hash: 333e8ff23c628a62113ab094ebcc9cd3
humanhash: princess-bacon-early-kilo
File name:kwari.arm6
Download: download sample
Signature Mirai
Create hunting rule
File size:41'976 bytes
First seen:2026-02-16 02:08:44 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:TZn3xRZ0nkmkxntBM1V7urBAJT8TJzV7tgWB8h4HuS9WL6Dw1sAGvNPeoFigQo:TZn3xRZOk3U1V6V8glRZgWBP/0GX+o
TLSH T1ED13B496BCC28A2645E817BAB93D01DD332167F9D1DBB2238C145F1437CA91F0EA3696
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
35
Origin country :
DE DE
Vendor Threat Intelligence
Malware configuration found for:
Mirai
Details
Link:
https://research.acce.ciphertechsolutions.com/results/cd0e3017-0337-41c6-882f-3cc6c78116c0/
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/3e81594a355ea6d26e244d624ec76f9382eb7a7fd15513cd4c269343d3e5a05d
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Gathering data
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/d977ab5d-e5e4-4a82-835a-9ba65369ddc6
Behavior Graph:
Download SVG
%3 guuid=3894cdcb-1600-0000-aa64-beb98f0f0000 pid=3983 /usr/bin/sudo guuid=bd519ecd-1600-0000-aa64-beb9990f0000 pid=3993 /tmp/sample.bin guuid=3894cdcb-1600-0000-aa64-beb98f0f0000 pid=3983->guuid=bd519ecd-1600-0000-aa64-beb9990f0000 pid=3993 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/7b6305a3-b4ec-4d24-a8c7-0ee122f450bb
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1869722
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/3e81594a355ea6d26e244d624ec76f9382eb7a7fd15513cd4c269343d3e5a05d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e81594a355ea6d26e244d624ec76f9382eb7a7fd15513cd4c269343d3e5a05d/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/3e81594a355ea6d26e244d624ec76f9382eb7a7fd15513cd4c269343d3e5a05d
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-02-16 02:10:48 UTC
AV detection:
8 of 37 (21.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h2avssrvl2tne3rejvre5r3psobow6t72fkrhtkme2juhu7fuboq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai
Link:
https://tria.ge/reports/260216-ck88gahz6d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3e81594a355ea6d26e244d624ec76f9382eb7a7fd15513cd4c269343d3e5a05d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 3e81594a355ea6d26e244d624ec76f9382eb7a7fd15513cd4c269343d3e5a05d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3777950/
  
Delivery method
Distributed via web download

Comments