MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bef14bfc6333f55bce1979bf71c113587810b4e238bf3f93b77bf17b3678d4c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5bef14bfc6333f55bce1979bf71c113587810b4e238bf3f93b77bf17b3678d4c
SHA3-384 hash: a1f959872affd8adbcd0c1e99203783c2ba03d954c2df6eaf06196cd1281d411cf1b293716235c2ba1ae39389cda5c9c
SHA1 hash: 35f17a15fa08f89d4dd5c60e669927cd715822d2
MD5 hash: f27cdd93b37e733106eddf46672033fb
humanhash: magnesium-north-triple-washington
File name:ppc
Download: download sample
Signature Mirai
Create hunting rule
File size:79'080 bytes
First seen:2025-11-05 05:23:57 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:GbBi3mW+iGRAY2UrOdf+j7tXy7ZEKddrGct2H3qOYoo:GFiT5wD2jdf+A79dN7d
TLSH T181732B42731C0A47D5B39DB4253F27E0C3FFA59120F4BA84651E9B4A93B6E325186FCA
Magika elf
Reporter abuse_ch
Tags:elf mirai upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 f45f1244d8f4221c895509af1921cebd8700de25031e6374dfca53dd95779066
File size (compressed) :38'868 bytes
File size (de-compressed) :79'080 bytes
Format:linux/ppc32
Packed file: f45f1244d8f4221c895509af1921cebd8700de25031e6374dfca53dd95779066

Intelligence

File Origin
# of uploads :
1
# of downloads :
164
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
Unix.Dropper.Mirai-7135957-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Connection attempt
Gathering data
Verdict:
Malicious
File Type:
elf.32.be
First seen:
2025-11-05T03:34:00Z UTC
Last seen:
2025-11-05T06:30:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/5bef14bfc6333f55bce1979bf71c113587810b4e238bf3f93b77bf17b3678d4c/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/69f79d8c-669b-48a0-a5c7-5fd4a99e6269
Behavior Graph:
Download SVG
%3 guuid=d4771a61-1a00-0000-4d48-6f54380a0000 pid=2616 /usr/bin/sudo guuid=5b5e8363-1a00-0000-4d48-6f54410a0000 pid=2625 /tmp/sample.bin guuid=d4771a61-1a00-0000-4d48-6f54380a0000 pid=2616->guuid=5b5e8363-1a00-0000-4d48-6f54410a0000 pid=2625 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/92573420-2782-4caa-b7b6-24aba0eb7890
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1808310
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/5bef14bfc6333f55bce1979bf71c113587810b4e238bf3f93b77bf17b3678d4c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5bef14bfc6333f55bce1979bf71c113587810b4e238bf3f93b77bf17b3678d4c/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-11-05 05:36:09 UTC
File Type:
ELF32 Big (Exe)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lpxrjp6ggm7vlphbs6n7ohargwdycc2oeof7h6j3o67rpm3hrvga._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai linux
Link:
https://tria.ge/reports/251105-f6kzjssqdm/
Verdict:
Malicious
Tags:
Unix.Dropper.Mirai-7135957-0
YARA:
n/a
Link:
https://app.threat.zone/submission/07009b54-3c4d-4982-ba3f-ac736e03a6ce
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5bef14bfc6333f55bce1979bf71c113587810b4e238bf3f93b77bf17b3678d4c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf f45f1244d8f4221c895509af1921cebd8700de25031e6374dfca53dd95779066

Mirai

elf 5bef14bfc6333f55bce1979bf71c113587810b4e238bf3f93b77bf17b3678d4c

(this sample)

  
Dropped by
SHA256 f45f1244d8f4221c895509af1921cebd8700de25031e6374dfca53dd95779066
  
URLhaus
https://urlhaus.abuse.ch/url/3693004/
  
Delivery method
Distributed via web download
  
Dropped by
MD5 642814fa2c9f58675af8c023ca8c460f

Comments