MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 518620f5eb7f8ed9902a0dc4873ee58b4c99812921a794aadf5023ecad453e1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 10



SHA256 hash: 518620f5eb7f8ed9902a0dc4873ee58b4c99812921a794aadf5023ecad453e1f
SHA3-384 hash: 72a480b0d9c3cbe50d25f08cab08a9a0be55101956a97ab1e616faea341458ebe36ea4b047e0584ee5ad4665d118129d
SHA1 hash: e632855b3489f9bd8cf15715e9920cb678324da2
MD5 hash: f187bbb0b7a919d68cbd604b1c0518fd
humanhash: september-one-sierra-michigan
File name: boatnet.ppc
Signature: Mirai
File size: 50'608 bytes
First seen: 2026-02-17 14:26:22 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:+LI6ppREif6YeCTsTDr2aIwU5AoF2hftkSGsv6H1ILt6q:j6plf3TsHr/bRfTS1Ip6q
TLSH: T180335B02775C0E43C02A6EB4253F23D9D3EFEAE120E4F189650E9A46D175E33468AEDD
Magika: elf
Reporter: abuse_ch
Tags: elf mirai upx-dec


abuse_ch
UPX decompressed file, sourced from SHA256 ddfa2b04d7f884ffddb549abfaf272ce1d87afd7b4147116187e70be3f652e99
File size (compressed): 24'408 bytes
File size (de-compressed): 50'608 bytes
Format: linux/ppc32
Packed file: ddfa2b04d7f884ffddb549abfaf272ce1d87afd7b4147116187e70be3f652e99

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: NL
Vendor Threat Intelligence
Malware configuration found for: Mirai
Details (Mirai): an XOR decryption key and at least a c2 socket address
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: masquerade mirai
Verdict: Malicious
File Type: elf.32.be
Detections: HEUR:Backdoor.Linux.Mirai.b
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2891) -> execve -> /tmp/sample.bin (pid=2893)
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2026-02-17 14:27:14 UTC
File Type: ELF32 Big (Exe)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 518620f5eb7f8ed9902a0dc4873ee58b4c99812921a794aadf5023ecad453e1f (this sample)

Delivery method: Distributed via web download

Comments