MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c090629d5ecf8695961afdd778b2d3dd39c64cb3b1e39f339bca268bebdf1f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 13


Intelligence 13 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c090629d5ecf8695961afdd778b2d3dd39c64cb3b1e39f339bca268bebdf1f1
SHA3-384 hash: 78295490363d5d87ae92a72d19e0578cb3081868892b5bd4c4db726677f751aedb58cde44a170ff6f501206d823c2423
SHA1 hash: 15e6adce1785eb54f5c7edaba70bc1c353154f08
MD5 hash: 365e7bdc6da5c103b532bca22a58abca
humanhash: seven-oranges-avocado-four
File name:ub8ehJSePAfc9FYqZIT6.x86
Download: download sample
Signature Mirai
Create hunting rule
File size:39'872 bytes
First seen:2026-01-18 18:34:52 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:sxxOc5JJtkht3dFVOX4HJ2ZwtS6C+PRJ77CCqUGPGTnbcuyD7UHQRjv:sxxOitKhd+X02D6C+p9CCtGPenouy8Ho
TLSH T1F903F1C5757C1408E47A853B28DFAF0DA021E1AC458499FFD6C050E5EDEAE2A7B363A1
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai UPX
File size (compressed) :39'872 bytes
File size (de-compressed) :96'456 bytes
Format:linux/i386
Unpacked file: 85fb9a74cf3c887492e0dc8789dc513e5769b6e86987ac800466992b89dbc98c

Intelligence

File Origin
# of uploads :
1
# of downloads :
32
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/cfffcfed-7dba-4403-9471-ba24e7bc45ee/
Detection(s):
Unix.Dropper.Mirai-7135858-0
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
gafgyt masquerade mirai obfuscated packed upx
Link:
https://www.filescan.io/uploads/696d27f7fdafd7624ab03af7/reports/e9772577-a618-46ea-bfd0-0cd4d471b704/overview
Result
Gathering data
Verdict:
Malicious
File Type:
elf.32.le
Detections:
HEUR:Backdoor.Linux.Mirai.r HEUR:Backdoor.Linux.Mirai.b
Link:
https://opentip.kaspersky.com/4c090629d5ecf8695961afdd778b2d3dd39c64cb3b1e39f339bca268bebdf1f1/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/c6abed00-b1dc-4505-83b2-eb3097e36ab8
Behavior Graph:
Download SVG
%3 guuid=5d4c82ae-1900-0000-3dbe-c53eed090000 pid=2541 /usr/bin/sudo guuid=a3fe72b1-1900-0000-3dbe-c53ef6090000 pid=2550 /tmp/sample.bin net guuid=5d4c82ae-1900-0000-3dbe-c53eed090000 pid=2541->guuid=a3fe72b1-1900-0000-3dbe-c53ef6090000 pid=2550 execve 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=a3fe72b1-1900-0000-3dbe-c53ef6090000 pid=2550->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=7edd44b2-1900-0000-3dbe-c53ef9090000 pid=2553 /tmp/sample.bin guuid=a3fe72b1-1900-0000-3dbe-c53ef6090000 pid=2550->guuid=7edd44b2-1900-0000-3dbe-c53ef9090000 pid=2553 clone guuid=43e7f0ed-1900-0000-3dbe-c53e9c0a0000 pid=2716 /tmp/sample.bin guuid=a3fe72b1-1900-0000-3dbe-c53ef6090000 pid=2550->guuid=43e7f0ed-1900-0000-3dbe-c53e9c0a0000 pid=2716 clone guuid=58ec9d29-1a00-0000-3dbe-c53efc0a0000 pid=2812 /tmp/sample.bin guuid=a3fe72b1-1900-0000-3dbe-c53ef6090000 pid=2550->guuid=58ec9d29-1a00-0000-3dbe-c53efc0a0000 pid=2812 clone guuid=2a8d4f65-1a00-0000-3dbe-c53e710b0000 pid=2929 /tmp/sample.bin guuid=a3fe72b1-1900-0000-3dbe-c53ef6090000 pid=2550->guuid=2a8d4f65-1a00-0000-3dbe-c53e710b0000 pid=2929 clone guuid=eacb5a65-1a00-0000-3dbe-c53e720b0000 pid=2930 /tmp/sample.bin dns net send-data zombie guuid=a3fe72b1-1900-0000-3dbe-c53ef6090000 pid=2550->guuid=eacb5a65-1a00-0000-3dbe-c53e720b0000 pid=2930 clone guuid=eacb5a65-1a00-0000-3dbe-c53e720b0000 pid=2930->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con 4f6baed0-9587-596c-82b3-fd721afe4cc1 10.0.2.3:53 guuid=eacb5a65-1a00-0000-3dbe-c53e720b0000 pid=2930->4f6baed0-9587-596c-82b3-fd721afe4cc1 send: 1748B 3ec2bfaf-8e71-5eeb-b8ce-6ffe78958b80 weifang.serveftp.com:3778 guuid=eacb5a65-1a00-0000-3dbe-c53e720b0000 pid=2930->3ec2bfaf-8e71-5eeb-b8ce-6ffe78958b80 send: 230B
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/589cde0a-fd6f-47c0-82b1-9f5ab0344c2a
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1852888
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/4c090629d5ecf8695961afdd778b2d3dd39c64cb3b1e39f339bca268bebdf1f1
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/4c090629d5ecf8695961afdd778b2d3dd39c64cb3b1e39f339bca268bebdf1f1/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/4c090629d5ecf8695961afdd778b2d3dd39c64cb3b1e39f339bca268bebdf1f1
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-01-18 18:35:40 UTC
File Type:
ELF32 Little (Exe)
AV detection:
15 of 36 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jqeqmkov5t4gswlbv7oxpcznhxjzyzglhmpdt4zzxsrgrpv56hyq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:lzrd botnet defense_evasion discovery linux upx
Link:
https://tria.ge/reports/260118-w8l8dsds6d/
Behaviour
Reads runtime system information
Changes its process name
Writes file to system bin folder
Modifies Watchdog functionality
Mirai
Mirai family
Verdict:
Malicious
Tags:
Unix.Dropper.Mirai-7135858-0
YARA:
n/a
Link:
https://app.threat.zone/submission/cf5c820b-8a42-4c83-ab09-5d58c3bb1a5a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 4c090629d5ecf8695961afdd778b2d3dd39c64cb3b1e39f339bca268bebdf1f1

(this sample)

Mirai

elf 85fb9a74cf3c887492e0dc8789dc513e5769b6e86987ac800466992b89dbc98c

  
URLhaus
https://urlhaus.abuse.ch/url/3753547/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 85fb9a74cf3c887492e0dc8789dc513e5769b6e86987ac800466992b89dbc98c
  
Dropping
MD5 9b32abb1cdff3be214810a2ec71f958e
  
URLhaus
https://urlhaus.abuse.ch/url/3757603/
  
URLhaus
https://urlhaus.abuse.ch/url/3759487/

Comments