MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5961ac6aa7318f4e18d952cca89aac3eb411776404d1230919d2b86ce056bc60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 2 File information Comments

SHA256 hash:	5961ac6aa7318f4e18d952cca89aac3eb411776404d1230919d2b86ce056bc60
SHA3-384 hash:	c824fd64c51869770588dac72438e62e76f1f3dbdf2e748892e6799119d42ac93821bd91e1c6240e8a099cc67a078af5
SHA1 hash:	b8cff90e28fb054231d95db42d9ec4f8db5fe616
MD5 hash:	32b4603b4634a0b0c95d13064293e5ba
humanhash:	oven-zulu-floor-lake
File name:	xnxnxnxnxnxnxnxnmipsxnxn
Download:	download sample
Signature	Mirai Create hunting rule
File size:	166'976 bytes
First seen:	2026-02-08 16:36:39 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	3072:93VJgTdgahP/2o/ZrTheIsnjCWRXFm4UpM1wLxpPNNOziHYfam:9FJMgWPZr8IaCWReS1WpPeR7
TLSH	T1A2F33B47B7208FB1C368967109B3CB67A6E6269216E19985E66DCD107F3035C6C3FFA0
telfhash	t1d9c002145c7457f15108dd5540dc7f29c5f51dcf15431d1fd9183c654631d831f00d59
Magika	elf
Reporter	abuse_ch
Tags:	elf gafgyt mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 55dc4baa23959daf34e0cb449b65c676725d21152b02fd0b126a1f561aa9688d

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	74'780 bytes
File size (de-compressed) :	166'976 bytes
Format:	linux/mips
Packed file:	55dc4baa23959daf34e0cb449b65c676725d21152b02fd0b126a1f561aa9688d

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

Unix.Trojan.Mirai-10056451-0

Unix.Trojan.Mirai-10058917-0

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

anti-vm anti-vm bashlite gafgyt mirai

Link:

https://www.filescan.io/uploads/6988bbb9981ff1d38a4d45ab/reports/a1d93c3e-4de6-4553-b025-6e862ef7cec0/overview

Result

Gathering data

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/e55fcbc4-7203-4c6a-9149-a256f7dfa5ea

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/0130e9b7-d068-408b-a1b4-015136e99fcb

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1865665

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/5961ac6aa7318f4e18d952cca89aac3eb411776404d1230919d2b86ce056bc60

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/5961ac6aa7318f4e18d952cca89aac3eb411776404d1230919d2b86ce056bc60/

Threat name:

Linux.Trojan.Gafgyt

Status:

Suspicious

First seen:

2026-02-08 16:37:45 UTC

File Type:

ELF32 Big (Exe)

AV detection:

6 of 36 (16.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lfq2y2vhgghu4ggzklgkrgvmh22bc53eatisgciz2k4gzycwxrqa._file

Result

Malware family:

n/a

Score:

6/10

Tags:

antivm discovery

Link:

https://tria.ge/reports/260208-t4xgfsay8h/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Reads system network configuration

Checks hardware identifiers (DMI)

Enumerates active TCP sockets

Enumerates running processes

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.