MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5967869b8f30e997ac1fa2395316234ac61d6de55ec8a38a10b0b4f4e8ee57d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 3 File information Comments

SHA256 hash:	5967869b8f30e997ac1fa2395316234ac61d6de55ec8a38a10b0b4f4e8ee57d7
SHA3-384 hash:	58316760da572bac8da5dcc39a17f5b458a36a7a41719648eab47ffffd3879685d2773c91ed940c3558925924e14aa1c
SHA1 hash:	3632c8830603a09c4dcd4092a1e14c88adbdee8c
MD5 hash:	6629efaf86c13ef64b3f9fa3d689744f
humanhash:	twelve-alpha-vermont-iowa
File name:	arm7
Download:	download sample
Signature	Mirai Create hunting rule
File size:	99'194 bytes
First seen:	2025-08-19 04:55:33 UTC
Last seen:	2025-08-19 22:33:14 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:ilndWz3EBSyDAbFXYlE+BClcXi2ZUhrqK1uut3HC7wzzw/9iI7m8Zh:MIEBSyDAbFXYll7UBxz3i7EM/9Pv
TLSH	T15BA33B46FB818B03C4D21775BBDF82553323DB54D3AB63064A2CABB43F8679A4F26505
telfhash	t11b1100858928cf6c27329e14ef42b2f047994331535d2b32cf27caaca9290c0db11426
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Unix.Trojan.Mirai-9760303-0

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Receives data from a server

Opens a port

DNS request

Runs as daemon

Sends data to a server

Connection attempt

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/685c860b-f460-452a-b05f-b7796465e5e7

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9e8c57c6-9aa4-419a-84d6-2eb9e8fa8e02

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1759812

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/5967869b8f30e997ac1fa2395316234ac61d6de55ec8a38a10b0b4f4e8ee57d7

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/5967869b8f30e997ac1fa2395316234ac61d6de55ec8a38a10b0b4f4e8ee57d7/

Threat name:

Linux.Backdoor.Mirai

Status:

Malicious

First seen:

2025-08-19 04:57:42 UTC

File Type:

ELF32 Little (Exe)

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lftyng4pgduzpla7ui4vgfrdjldb23pfl3ekhcqqwc2pj2hok7lq._file

Result

Malware family:

n/a

Score:

9/10

Tags:

discovery

Link:

https://tria.ge/reports/250819-fldpqsgl7x/

Behaviour

Contacts a large (112515) amount of remote hosts

Creates a large amount of network flows

Verdict:

Malicious

Tags:

Unix.Trojan.Mirai-9760303-0

YARA:

n/a

Link:

https://app.threat.zone/submission/15fbf64e-c3c7-4b45-a776-48df244e254b

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/5967869b8f30e997ac1fa2395316234ac61d6de55ec8a38a10b0b4f4e8ee57d7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.