MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c8dcfaf72d826e5e944b2b3c5a5f19c52f5d254e4f7de5a0a385354e778e955. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 9 File information Comments

SHA256 hash: 5c8dcfaf72d826e5e944b2b3c5a5f19c52f5d254e4f7de5a0a385354e778e955
SHA3-384 hash: d6054942b0b4aa3ed6555598c09809947ede1159556d88f113685720363e2f0eeb4a15be30166b806366e3871762d5e0
SHA1 hash: 68d325d7b2c6b63cba75ce6113c32890b007ca26
MD5 hash: 9b5e9ea4ed0ba0fd94033b766b6eb1b5
humanhash: table-october-queen-black
File name:m68k
Download: download sample
Signature Mirai
File size:191'712 bytes
First seen:2026-07-05 01:28:13 UTC
Last seen:2026-07-05 11:04:02 UTC
File type: elf
MIME type:application/x-executable
ssdeep 3072:29/k/QZzZKBITD6KATgmgM91XAD6MYmTQ1ci1wVejbiUL/4RzyqC0niS:mM/QZOICHgM91QDXlNi1jL/gyqcS
TLSH T1BC144AC3F900DDBEF80AE73784134915B130B7A214925B37B257797BAC3A19A1467F8A
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence


File Origin
# of uploads :
2
# of downloads :
80
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
bash bashlite busybox evasive lolbin mirai
Status:
terminated
Behavior Graph:
%3 guuid=cd02d258-1a00-0000-990b-7fb5180f0000 pid=3864 /usr/bin/sudo guuid=aa5ccc5a-1a00-0000-990b-7fb51f0f0000 pid=3871 /tmp/sample.bin guuid=cd02d258-1a00-0000-990b-7fb5180f0000 pid=3864->guuid=aa5ccc5a-1a00-0000-990b-7fb51f0f0000 pid=3871 execve
Threat name:
Linux.Worm.Mirai
Status:
Malicious
First seen:
2026-07-05 01:29:54 UTC
File Type:
ELF32 Big (Exe)
AV detection:
13 of 36 (36.11%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202503_elf_Mirai
Author:abuse.ch
Description:Detects Mirai 'TSource' ELF files
Rule name:ELF_Toriilike_persist
Author:4r4
Description:Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:Identified via researched data
Rule name:enterpriseapps2
Author:Tim Brown @timb_machine
Description:Enterprise apps
Rule name:linux_generic_ipv6_catcher
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:telebot_framework
Author:vietdx.mb
Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/
Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags
Rule name:without_attachments
Author:Antonio Sanchez <asanchez@hispasec.com>
Description:Rule to detect the no presence of any attachment
Reference:http://laboratorio.blogs.hispasec.com/
Rule name:with_urls
Author:Antonio Sanchez <asanchez@hispasec.com>
Description:Rule to detect the presence of an or several urls
Reference:http://laboratorio.blogs.hispasec.com/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 5c8dcfaf72d826e5e944b2b3c5a5f19c52f5d254e4f7de5a0a385354e778e955

(this sample)

  
Delivery method
Distributed via web download

Comments