MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 426afd1f43ab7b2f33d03f4c9f981507ff3ff58bc955ecf1d76e56c3e208d481. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 426afd1f43ab7b2f33d03f4c9f981507ff3ff58bc955ecf1d76e56c3e208d481
SHA3-384 hash: 144d13a5478a2bae4ef8c55df74dc76453aceb51498f8b40b1643e6831a43714a9996405cf7816ba9741b21ae4bdfb87
SHA1 hash: bc74c539bc22d0cd8b4fef0491a25570fd5f73b1
MD5 hash: c56fa20238e392b7e9927bf04cc08d4e
humanhash: lamp-maryland-enemy-moon
File name:nabarm7
Download: download sample
Signature Mirai
Create hunting rule
File size:67'620 bytes
First seen:2025-12-31 01:08:40 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:tNnvGBbqbZNsmEzXHweKGLr4hDetoMProQT5iclz9lhUirZKXPZu+7R7:fGBebZN1SHweKGLrKStpDxTgQRZKfZu+
TLSH T14663E84AFD819F15D5D565BAFE0E528D33534BA8E3FE72039E146B2467CA82B0F3A401
telfhash t194111f08ca484eaa5f104984f38e036b3a5a7770b6331a427df9b81f5f928f35532866
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
34
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.31075.LX.BOT.UNOFFICIAL
Create hunting rule

Unix.Trojan.Mirai-7755770-0
Create hunting rule

Unix.Trojan.Mirai-9885259-0
Create hunting rule

Unix.Trojan.Mirai-10008934-0
Create hunting rule

Unix.Trojan.Gafgyt-6735924-0
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
mirai rust
Link:
https://www.filescan.io/uploads/695477bb2fb7bb52ca82cdc0/reports/fd16217d-31ac-4ad0-916a-470be0a75db3/overview
Result
Gathering data
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/47f88279-fac0-4fd6-b039-a035fa0963a1
Behavior Graph:
Download SVG
%3 guuid=408f056c-1a00-0000-49d9-3aefac090000 pid=2476 /usr/bin/sudo guuid=d65b2a6e-1a00-0000-49d9-3aefb2090000 pid=2482 /tmp/sample.bin guuid=408f056c-1a00-0000-49d9-3aefac090000 pid=2476->guuid=d65b2a6e-1a00-0000-49d9-3aefb2090000 pid=2482 execve
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7340397b-7fe1-4bfe-8a9c-3a74b0f06204
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1842498
Signature
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1842498 Sample: nabarm7.elf Startdate: 31/12/2025 Architecture: LINUX Score: 56 22 103.3.210.102, 23 WIRELESSNET-IDPTWIRELESSINDONESIAWINID Indonesia 2->22 24 103.3.147.24, 23 VERTELNETVerticalTelecomsPtyLtdAU Australia 2->24 26 100 other IPs or domains 2->26 28 Multi AV Scanner detection for submitted file 2->28 30 Yara detected Mirai 2->30 8 nabarm7.elf 2->8         started        10 dash rm 2->10         started        12 dash rm 2->12         started        signatures3 process4 process5 14 nabarm7.elf 8->14         started        process6 16 nabarm7.elf 14->16         started        18 nabarm7.elf 14->18         started        20 nabarm7.elf 14->20         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/426afd1f43ab7b2f33d03f4c9f981507ff3ff58bc955ecf1d76e56c3e208d481
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/426afd1f43ab7b2f33d03f4c9f981507ff3ff58bc955ecf1d76e56c3e208d481/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/426afd1f43ab7b2f33d03f4c9f981507ff3ff58bc955ecf1d76e56c3e208d481
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-12-31 01:09:17 UTC
File Type:
ELF32 Little (Exe)
AV detection:
12 of 38 (31.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ijvp2h2dvn5s6m6qh5gj7gava77t75mlzfk6z4oxnzlmhyqi2saq._file
Result
Malware family:
n/a
Score:
  9/10
Tags:
discovery
Link:
https://tria.ge/reports/251231-bhme9aey5d/
Behaviour
Reads runtime system information
Changes its process name
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
Renames itself
Contacts a large (2597) amount of remote hosts
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-7755770-0
YARA:
n/a
Link:
https://app.threat.zone/submission/da39b7bd-f841-4d3f-91d5-416548d36a6a
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/426afd1f43ab7b2f33d03f4c9f981507ff3ff58bc955ecf1d76e56c3e208d481

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Generic_Threat_8299c877
Create hunting rule
Author:Elastic Security
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 426afd1f43ab7b2f33d03f4c9f981507ff3ff58bc955ecf1d76e56c3e208d481

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3739153/
  
Delivery method
Distributed via web download

Comments