MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5218eec0785aca9ca6681ef67b0dc06c409d56daabcc9e8231650d05c600cafa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5218eec0785aca9ca6681ef67b0dc06c409d56daabcc9e8231650d05c600cafa
SHA3-384 hash: 46d3512c36b9044003af936c3eba9186cf2bb46170ffa1e5e8ab17830ad69e4d34517ffe226bc05e55efb21a499cc225
SHA1 hash: 1e9f7d7c13cf40de84a84a4a7943589004e980d7
MD5 hash: ff7f877a976b6e63141b355eb1c82684
humanhash: bacon-yankee-colorado-oxygen
File name:armv5l
Download: download sample
Signature Mirai
Create hunting rule
File size:57'752 bytes
First seen:2025-12-26 12:11:01 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:1KGInEjbTfLPA+wlW6GvE1C6/7K2qWzaDUAaPwDSX4AwsPHbsXn:aEvTfjwg6wE1C6TKXWDAzA4A5TsX
TLSH T10F43F162A45F65A9D1F219BDDCF05411FBCB0BE1C2BD38D04026DD0EB9A2C4E367DA12
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai UPX
File size (compressed) :57'752 bytes
File size (de-compressed) :170'380 bytes
Format:linux/arm
Unpacked file: b5b681880cbda082da1fb307d77c9497a16a27667008823be21f1cc7213b7ad8

Intelligence

File Origin
# of uploads :
1
# of downloads :
46
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/47b64c8f-f629-4121-a191-1ed6037d833d/
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
mirai packed upx
Link:
https://www.filescan.io/uploads/694e7b67e126b9ff43922dc6/reports/aa84351d-8aa5-4b81-bea0-99fe0c571ff7/overview
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-12-26T10:40:00Z UTC
Last seen:
2025-12-26T11:17:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/5218eec0785aca9ca6681ef67b0dc06c409d56daabcc9e8231650d05c600cafa/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/1d1a8b34-ceff-43e3-bd68-907ec95f1829
Behavior Graph:
Download SVG
%3 guuid=b481e088-1800-0000-b1d1-bf2f68090000 pid=2408 /usr/bin/sudo guuid=c781768a-1800-0000-b1d1-bf2f6e090000 pid=2414 /tmp/sample.bin guuid=b481e088-1800-0000-b1d1-bf2f68090000 pid=2408->guuid=c781768a-1800-0000-b1d1-bf2f6e090000 pid=2414 execve
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f60f7af3-ad28-4dfc-ab54-bff98d850540
Result
Threat name:
n/a
Detection:
suspicious
Classification:
evad
Score:
22 / 100
Link:
https://www.joesandbox.com/analysis/1839699
Signature
Sample is packed with UPX
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1839699 Sample: armv5l.elf Startdate: 26/12/2025 Architecture: LINUX Score: 22 12 34.254.182.186, 443 AMAZON-02US United States 2->12 14 54.247.62.1, 43390, 443 AMAZON-02US United States 2->14 16 Sample is packed with UPX 2->16 6 dash rm 2->6         started        8 dash rm 2->8         started        10 armv5l.elf 2->10         started        signatures3 process4
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/5218eec0785aca9ca6681ef67b0dc06c409d56daabcc9e8231650d05c600cafa
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5218eec0785aca9ca6681ef67b0dc06c409d56daabcc9e8231650d05c600cafa/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-12-26 12:11:22 UTC
File Type:
ELF32 Little (Exe)
AV detection:
10 of 36 (27.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kimo5qdyllfjzjtid33hwdoanraj2vw2vpgj5arrmugqlrqazl5a._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
upx
Link:
https://tria.ge/reports/251226-pcr1faam4s/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/91604997-c8bd-49c6-9d52-bf4c2f7fdd0a
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5218eec0785aca9ca6681ef67b0dc06c409d56daabcc9e8231650d05c600cafa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 5218eec0785aca9ca6681ef67b0dc06c409d56daabcc9e8231650d05c600cafa

(this sample)

Mirai

elf b5b681880cbda082da1fb307d77c9497a16a27667008823be21f1cc7213b7ad8

  
URLhaus
https://urlhaus.abuse.ch/url/3693009/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 b5b681880cbda082da1fb307d77c9497a16a27667008823be21f1cc7213b7ad8
  
Dropping
MD5 fdca48649bb51678a3bef77090f17156

Comments