MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45e9b857deb1a5687fac13a584e9f0468322616e7667ad340de7112a62d7dc35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 12

Intelligence 12 IOCs YARA 2 File information Comments

SHA256 hash:	45e9b857deb1a5687fac13a584e9f0468322616e7667ad340de7112a62d7dc35
SHA3-384 hash:	0dd1010dee3ceb564f9ce6fab14bd3d96fa773c8256da75d16ef610fc7d5c2e2d2aedc020d267003e2aa2615bed38f1f
SHA1 hash:	b68b4789205ff9a838f083953f07083f61b60d67
MD5 hash:	c86f6f4829fccca9f599b50cefc8ad78
humanhash:	triple-sad-chicken-mississippi
File name:	nwfaiehg4ewijfgriehgirehaughrarg.arm6
Download:	download sample
Signature	Mirai Create hunting rule
File size:	97'472 bytes
First seen:	2026-01-11 04:36:04 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:6MnWuEFK6KQA1k+vGQrMxzGZhtsamZ5UHCpD1iFX5Gaw17hB5jY1gK9:6FveWYGQ+ChtsamcX5Gaw11Blq9
TLSH	T1E2933B56F9818B21D6C116BAFA1E118D3313177CE2EE7312AD246F2077CB96B0E7B905
telfhash	t1e3f09ea2a5cc57d837e45044c5f7266f059570bd21347b468eb9ef5f41578b6b401c38
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 0d10c39d2fa568fc62ed9f93a8b59e2d758f29c08734f89778686bf56e2e1f79

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	43'680 bytes
File size (de-compressed) :	97'472 bytes
Format:	linux/arm
Packed file:	0d10c39d2fa568fc62ed9f93a8b59e2d758f29c08734f89778686bf56e2e1f79

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

Mirai

Details

Mirai

an XOR decryption key and at least a c2 socket address

Link:

https://research.acce.ciphertechsolutions.com/results/8b815da4-ea32-4044-a837-da2a5e0d652e/

Detection(s):

SecuriteInfo.com.Linux.Siggen.9999-6.UNOFFICIAL

Unix.Trojan.Mirai-10056451-0

Unix.Trojan.Mirai-10056463-0

Unix.Trojan.Mirai-10057788-0

Unix.Trojan.Mirai-10058922-0

Unix.Trojan.Mirai-10059005-0

Unix.Trojan.Mirai-10059006-0

Result

Verdict:

Malware

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

masquerade mirai rust

Link:

https://www.filescan.io/uploads/696328c807ef5fa68e841147/reports/dcbcfb9a-976f-4ff6-9185-78adb876f844/overview

Verdict:

Malicious

File Type:

elf.32.le

First seen:

2026-01-11T01:45:00Z UTC

Last seen:

2026-01-11T02:46:00Z UTC

Hits:

~10

Detections:

HEUR:Backdoor.Linux.Mirai.b HEUR:Backdoor.Linux.Gafgyt.bl HEUR:Backdoor.Linux.Gafgyt.bj

Link:

https://opentip.kaspersky.com/45e9b857deb1a5687fac13a584e9f0468322616e7667ad340de7112a62d7dc35/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/01b6fd82-026a-40a5-8ef8-ba298f271c0f

Behavior Graph:

Download SVG

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0bdcd3db-800d-4a2c-ab79-50f2fc98cd8c

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1848185

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/45e9b857deb1a5687fac13a584e9f0468322616e7667ad340de7112a62d7dc35

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/45e9b857deb1a5687fac13a584e9f0468322616e7667ad340de7112a62d7dc35/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/45e9b857deb1a5687fac13a584e9f0468322616e7667ad340de7112a62d7dc35

Threat name:

Linux.Backdoor.Mirai

Status:

Malicious

First seen:

2026-01-11 04:36:32 UTC

File Type:

ELF32 Little (Exe)

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ixu3qv66wgswq75mcosyj2pqi2bseyloozt22nan44isuywx3q2q._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai

Link:

https://tria.ge/reports/260111-e8ed4sg14d/

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/35fc5cf0-b93d-4479-8ff4-99896c89e427

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/45e9b857deb1a5687fac13a584e9f0468322616e7667ad340de7112a62d7dc35

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data