MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6196fed0525cc2fb502f4b74be94c37f6e23fa7c9cc47422e8c9e21ef01cc37c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 11

Intelligence 11 IOCs YARA 3 File information Comments

SHA256 hash:	6196fed0525cc2fb502f4b74be94c37f6e23fa7c9cc47422e8c9e21ef01cc37c
SHA3-384 hash:	e1c0e9b0c4ff353f910e418c9138bb84dd11b4539094372f4bc1fce562bbde1c0267d312a398a58cfaad3686de958da4
SHA1 hash:	c75f0ad6eea5024ceb39a6b1423139db1e101dfc
MD5 hash:	9003eee2581d76e0e4df9849182bd1f2
humanhash:	video-summer-sierra-missouri
File name:	ub8ehJSePAfc9FYqZIT6.mpsl
Download:	download sample
Signature	Mirai Create hunting rule
File size:	58'380 bytes
First seen:	2026-01-11 06:46:33 UTC
Last seen:	2026-01-13 20:00:24 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:uteZA9rEQZAFd+7X88LzmX6ckkgBjRGkF:J+GQZadsXLzmXhk5V7
TLSH	T19A43F1DA41B091D9D13C507A70B7AA3008855443F3A3FBE6E3750C967729F63A6EF610
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai UPX

UPX packed

This file is packed with UPX. We have therefore unpacked the file. Below is furhter information about the unpacked (de-compressed) file.

File size (compressed) :	58'380 bytes
File size (de-compressed) :	190'728 bytes
Format:	linux/mipsel
Unpacked file:	f8cb755631143db884df0cf3a1d2cd145add504aea14c7f7248ae3a29ebd9579

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/086fe59e-552f-4309-8ab7-111936d1cf53/

Detection(s):

SecuriteInfo.com.Linux.Mirai-20.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

DNS request

Runs as daemon

Deletes a file

Receives data from a server

Locks files

Sends data to a server

Substitutes an application name

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

masquerade packed upx

Link:

https://www.filescan.io/uploads/6963478030368802bb7fd900/reports/089df398-845a-49f2-97bd-8a28315ac58e/overview

Verdict:

Malicious

File Type:

elf.32.le

First seen:

2026-01-11T04:04:00Z UTC

Last seen:

2026-01-13T03:47:00Z UTC

Hits:

~100

Detections:

HEUR:Backdoor.Linux.Mirai.h HEUR:Backdoor.Linux.Mirai.cw HEUR:Backdoor.Linux.Mirai.b HEUR:Backdoor.Linux.Mirai.r

Link:

https://opentip.kaspersky.com/6196fed0525cc2fb502f4b74be94c37f6e23fa7c9cc47422e8c9e21ef01cc37c/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/02defc94-1dbb-48a4-915b-c428915f84fe

Behavior Graph:

Download SVG

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/6058be0d-d4c5-4746-8601-23a736a19ec6

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1848286

Signature

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/6196fed0525cc2fb502f4b74be94c37f6e23fa7c9cc47422e8c9e21ef01cc37c

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/6196fed0525cc2fb502f4b74be94c37f6e23fa7c9cc47422e8c9e21ef01cc37c/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/6196fed0525cc2fb502f4b74be94c37f6e23fa7c9cc47422e8c9e21ef01cc37c

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2026-01-11 06:47:28 UTC

File Type:

ELF32 Little (Exe)

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mglp5ucsltbpwubpjn2l5fgdp5xch6t4ttchiixizhrb54a4yn6a._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet defense_evasion discovery upx

Link:

https://tria.ge/reports/260111-hkexhscz2d/

Behaviour

Reads runtime system information

Writes file to tmp directory

Changes its process name

Writes file to system bin folder

Modifies Watchdog functionality

Mirai

Mirai family

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/0bdacc71-6287-4b09-a1c4-1c891d595aba

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6196fed0525cc2fb502f4b74be94c37f6e23fa7c9cc47422e8c9e21ef01cc37c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	SUSP_ELF_LNX_UPX_Compressed_File Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects a suspicious ELF binary with UPX compression
Reference:	Internal Research