MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fa16f284dc2d50cf232075e26fdd5d21d6fa2605f49f1cdb78269509b45ae11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 12



SHA256 hash: 3fa16f284dc2d50cf232075e26fdd5d21d6fa2605f49f1cdb78269509b45ae11
SHA3-384 hash: 232aea3dd6dec6a939e98bc6d2699ee4cebcc36c46ce21e705dfc59c082017407e791cb9035d48939b36c000c7fba663
SHA1 hash: 8a866e8974223aff5b48b63cd07dc10867f89142
MD5 hash: 56913d49f0a611a2a2cc34dbec71819b
humanhash: mobile-finch-nevada-july
File name: Josho.m68k
Signature: Mirai
File size: 41'380 bytes
First seen: 2026-01-09 07:52:24 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:VYeYwBV2ITQvqgZOXXqpJi9Wwpfk32wA8X18gl2+HO+m2HBFFRIsdy:2+qpJpwm32F8X18gl4+mmBbK7
TLSH: T1E9033B96F802AD7DF85FE67E4023490DF960B70561830E2693BBFC577C3A2A49A53E41
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 108
Origin country: DE
Vendor Threat Intelligence
Malware configuration found for:
Mirai
Details
Mirai
an XOR decryption key and at least a c2 socket address
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
masquerade mirai
Verdict:
Malicious
File Type:
elf.32.be
First seen:
2026-01-09T04:59:00Z UTC
Last seen:
2026-01-10T12:48:00Z UTC
Hits:
~10
Detections:
HEUR:Backdoor.Linux.Mirai.b
Status:
terminated
Behavior Graph:
/usr/bin/sudo (pid=2477) -> execve -> /tmp/sample.bin (pid=2486)
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 1847127
Sample: Josho.m68k.elf
Startdate: 09/01/2026
Architecture: LINUX
Score: 48
Network nodes: 87.121.112.123, 57386, 57388, 911 (NETERRA-ASBG Bulgaria); 54.247.62.1, 443, 52464 (AMAZON-02US United States)
Signature: Multi AV Scanner detection for submitted file
Processes: Josho.m68k.elf started -> Josho.m68k.elf started -> Josho.m68k.elf started; dash rm started; dash rm started
Threat name:
Linux.Worm.Mirai
Status:
Malicious
First seen:
2026-01-09 07:40:49 UTC
File Type:
ELF32 Big (Exe)
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:mirai linux
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-6981989-0
YARA:
n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 3fa16f284dc2d50cf232075e26fdd5d21d6fa2605f49f1cdb78269509b45ae11

(this sample)

  
Delivery method
Distributed via web download
