MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 637cd310cc72896278e8b64c9ffd33eb1bc8ce2c4ec8b4fb41f5df01996d111c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 4 File information Comments

SHA256 hash:	637cd310cc72896278e8b64c9ffd33eb1bc8ce2c4ec8b4fb41f5df01996d111c
SHA3-384 hash:	4e0ec874b0631cabd622631fb746d790dd047e906252a7102b89b31d6f36e507b9b2916c5dd24d4df3e170c5b166eab9
SHA1 hash:	a2fe233bddeebbebd3ddd581ed795d108bf540ee
MD5 hash:	61af78f8bb341984602f0441f718b4db
humanhash:	michigan-spaghetti-wisconsin-moon
File name:	ppc
Download:	download sample
Signature	Mirai Create hunting rule
File size:	57'888 bytes
First seen:	2025-12-27 00:48:03 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:uNNtWZH/DArXtr4WWyzJF+Tf3i3P4u+qgw0Vu/:bZf+r4/yzb+Tf3i/4u+qgw2u/
TLSH	T135430198D7AFF910F256A6970CF791923BEACBD12B31D92494886FE24F014B78230DC4
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai UPX

UPX packed

This file is packed with UPX. We have therefore unpacked the file. Below is furhter information about the unpacked (de-compressed) file.

File size (compressed) :	57'888 bytes
File size (de-compressed) :	166'404 bytes
Format:	linux/ppc32
Unpacked file:	47458c622a7d93a58476dd202da1566188c05285b1cb1b804b269d918a77da70

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/92d41373-5668-4ae4-a534-3cd25fd7954d/

Result

Gathering data

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/341a7962-296e-470e-ac2c-e956225602c1

Behavior Graph:

Download SVG

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/aa3243dd-3b89-4298-bc95-1548e199272d

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1840169

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/637cd310cc72896278e8b64c9ffd33eb1bc8ce2c4ec8b4fb41f5df01996d111c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/637cd310cc72896278e8b64c9ffd33eb1bc8ce2c4ec8b4fb41f5df01996d111c/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-12-27 00:48:21 UTC

File Type:

ELF32 Big (Exe)

AV detection:

9 of 36 (25.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mn6ngegmokewe6hiwzgj77jt5mn4rtrmj3elj62b6xpqdglnceoa._file

Result

Malware family:

n/a

Score:

5/10

Tags:

linux upx

Link:

https://tria.ge/reports/251227-a5yw5avpen/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	SUSP_ELF_LNX_UPX_Compressed_File Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects a suspicious ELF binary with UPX compression
Reference:	Internal Research