MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 463025059ff0ca611673e8419551b386ef8597f78cb00799ebba924ca45f17f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 11

Intelligence 11 IOCs YARA 4 File information Comments

SHA256 hash:	463025059ff0ca611673e8419551b386ef8597f78cb00799ebba924ca45f17f4
SHA3-384 hash:	5238ec4fb9783bb9d0cc4ed86481130f5eb279d1041ac162e034d9c733d39963e6d5f8295217a208ea138021a81da26d
SHA1 hash:	d1b094c3ebc5f39b11dc08ef710f35238c0c9c39
MD5 hash:	52e12315b11d62cb06c5861504f459ab
humanhash:	montana-eleven-oscar-nebraska
File name:	debug
Download:	download sample
Signature	Mirai Create hunting rule
File size:	40'292 bytes
First seen:	2025-08-02 17:07:38 UTC
Last seen:	2025-08-10 14:16:54 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	768:Zgt792kzPRB8mftKiDuTIFgNiZEMW6gJXMzExia4v8nnbcuyD7UtQRjF:Zg7nvftKO+iZgcEAa40nnouy8ty5
TLSH	T1F903E117EAE6CB50E5AFD03403AFD59B060011ECE088C8EDDEC6AA7369C57A8979D345
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai UPX

UPX packed

This file is packed with UPX. We have therefore unpacked the file. Below is furhter information about the unpacked (de-compressed) file.

File size (compressed) :	40'292 bytes
File size (de-compressed) :	80'208 bytes
Format:	linux/i386
Unpacked file:	51b87b8f3a861406b45f9c2621d0d182ad7705e3520e8c5d4587b1c74020b880

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Unix.Dropper.Mirai-7135858-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Kills processes

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

packed upx

Link:

https://www.filescan.io/uploads/688e461573b8ef6f4afb6266/reports/899a8d41-d13e-4a92-991a-ccac134a0808/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

x86

Packer:

UPX

Botnet:

unknown

Number of open files:

153

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/463025059ff0ca611673e8419551b386ef8597f78cb00799ebba924ca45f17f4

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/b2abef7a-af3a-4793-bb35-5a2f6866b974

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ab75faa5-779e-4027-912b-fd43e1124422

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1749138

Signature

Deletes system log files

Malicious sample detected (through community Yara rule)

Manipulation of devices in /dev

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/463025059ff0ca611673e8419551b386ef8597f78cb00799ebba924ca45f17f4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/463025059ff0ca611673e8419551b386ef8597f78cb00799ebba924ca45f17f4/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/463025059ff0ca611673e8419551b386ef8597f78cb00799ebba924ca45f17f4

Threat name:

Linux.Backdoor.Mirai

Status:

Malicious

First seen:

2025-08-02 17:08:24 UTC

File Type:

ELF32 Little (Exe)

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=iyyckbm76dfgcftt5bazkuntq3xylf7xrsyapgplxkjezjc7c72a._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet credential_access defense_evasion discovery linux upx

Link:

https://tria.ge/reports/250802-vnpmcabm21/

Behaviour

Reads runtime system information

Reads system network configuration

Reads process memory

Enumerates active TCP sockets

Enumerates running processes

Deletes journal logs

Mirai

Mirai family

Verdict:

Malicious

Tags:

Unix.Dropper.Mirai-7135858-0

YARA:

n/a

Link:

https://app.threat.zone/submission/76323d2b-871a-4219-ba9e-3a3bb272aa25

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	SUSP_ELF_LNX_UPX_Compressed_File Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects a suspicious ELF binary with UPX compression
Reference:	Internal Research

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)