MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ad3fd9edd64bf2417309e8edc9104199f6cb62abd80f05ca2ceaf533776ae4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4ad3fd9edd64bf2417309e8edc9104199f6cb62abd80f05ca2ceaf533776ae4a
SHA3-384 hash: 61b45a183879d801c9733c9f935dcdcd073d11755042d0978ab9d8b9de6d598e1b4072fad702c00800cb17b7f67cb081
SHA1 hash: 7b692f3bdaa25b7f1cafe79c9f59ac2225f46377
MD5 hash: a25a3ca96b3643172578b16d8a11fe41
humanhash: table-island-zebra-double
File name:ARM5
Download: download sample
Signature Mirai
Create hunting rule
File size:2'131'136 bytes
First seen:2026-02-25 16:12:12 UTC
Last seen:2026-02-25 17:40:33 UTC
File type: elf
MIME type:application/x-executable
ssdeep 49152:dx0crz6k79sSSrYj/Wg2xwFK2WiboHjUfDmFPu0FRN:YcrzD5sbg2xwFKvUfS1uERN
TLSH T179A53314F2FF9CCAB326F9B924F51389CE23D049A44653D7F6BD0A84CF071A5056B92A
telfhash t12a90024c457c062825506948c18cd1d49a811dc91346d0250d44e4158c040930011852
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf UPX
File size (compressed) :2'131'136 bytes
File size (de-compressed) :8'061'076 bytes
Format:linux/arm
Unpacked file: c77b6993b55251d34ac648e12fe1b39542f974633d7883c7372efcb8c3ab4c0a

Intelligence

File Origin
# of uploads :
3
# of downloads :
70
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.ELF.Agent-EDB.51863813.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Runs as daemon
Receives data from a server
Collects information on the RAM
Changes access rights for a written file
Launching a process
Sends data to a server
Creating a process from a recently created file
Creating a file
Collects information on the CPU
Changes the time when the file was created, accessed, or modified
Creating a file in the %temp% directory
Connection attempt
Creates or modifies files in /cron to set up autorun
Creates or modifies files in /init.d to set up autorun
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
UPX
Botnet:
unknown
Number of open files:
128
Number of processes launched:
6
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/4ad3fd9edd64bf2417309e8edc9104199f6cb62abd80f05ca2ceaf533776ae4a
Behaviour
Information Gathering
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.le
Link:
https://opentip.kaspersky.com/4ad3fd9edd64bf2417309e8edc9104199f6cb62abd80f05ca2ceaf533776ae4a/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/44103a0c-640a-4265-ad18-2ddc80d9bb16
Behavior Graph:
Download SVG
%3 guuid=80c123aa-1a00-0000-1113-5d509c080000 pid=2204 /usr/bin/sudo guuid=ec594cad-1a00-0000-1113-5d50a4080000 pid=2212 /tmp/sample.bin guuid=80c123aa-1a00-0000-1113-5d509c080000 pid=2204->guuid=ec594cad-1a00-0000-1113-5d50a4080000 pid=2212 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c58491f5-19b2-478e-8819-9282e17e2d58
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1874834
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/4ad3fd9edd64bf2417309e8edc9104199f6cb62abd80f05ca2ceaf533776ae4a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4ad3fd9edd64bf2417309e8edc9104199f6cb62abd80f05ca2ceaf533776ae4a/
Threat name:
Linux.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-25 16:12:54 UTC
File Type:
ELF32 Little (Exe)
AV detection:
4 of 36 (11.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jlj73hw5ms7sifzqt2hnzeiedgpwznrkxwapaxfcz2xvgn3wvzfa._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery upx
Link:
https://tria.ge/reports/260225-tnrw2acy7g/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4ad3fd9edd64bf2417309e8edc9104199f6cb62abd80f05ca2ceaf533776ae4a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 4ad3fd9edd64bf2417309e8edc9104199f6cb62abd80f05ca2ceaf533776ae4a

(this sample)

Mirai

elf c77b6993b55251d34ac648e12fe1b39542f974633d7883c7372efcb8c3ab4c0a

  
URLhaus
https://urlhaus.abuse.ch/url/3785554/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3785559/
  
Dropping
SHA256 c77b6993b55251d34ac648e12fe1b39542f974633d7883c7372efcb8c3ab4c0a
  
Dropping
MD5 6c67a4fb84c9c16fc1af177578273994

Comments