MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66321062a37720186072c74f329ca866abd7f62989557ec8eb67af201c2aa484. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA 3 File information Comments

SHA256 hash:	66321062a37720186072c74f329ca866abd7f62989557ec8eb67af201c2aa484
SHA3-384 hash:	e8b182956b1575fa95dacff92e06acf2afdc80880616f0f10106d8b0973a3e000ab96e19b22c6a25d1757e47ef6221c3
SHA1 hash:	757f6573b9cea7fedc76e1bc740e05b45103bfe3
MD5 hash:	ddf33b07b753dc12a1dde38b018cfc0f
humanhash:	skylark-wyoming-sixteen-beryllium
File name:	xnxnxnxnxnxnxnxni386xnxn
Download:	download sample
Signature	Mirai Create hunting rule
File size:	60'788 bytes
First seen:	2026-01-20 19:22:19 UTC
Last seen:	2026-01-20 22:02:16 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:XznwRRM10ac1B010ZtaS4SV/zQUjsPwttl6vdFTAHLkg4azH8:TrREB5taUVLQlwtt0MHLGazH8
TLSH	T1945301D140E5F469C52393F262048F06238ACD91BB05D8DC34CA135B6CAEF5F5F96AE6
telfhash	t1bdb00111dc148d99056045acee0b12dfa584de706e52b313a0b82c19f170d1258249d3
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf UPX

UPX packed

This file is packed with UPX. We have therefore unpacked the file. Below is furhter information about the unpacked (de-compressed) file.

File size (compressed) :	60'788 bytes
File size (de-compressed) :	123'472 bytes
Format:	linux/i386
Unpacked file:	36ca96075904b1438ef4a73b0085749079e25dcc8c7e84f3d13c433cdb6d3a3a

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/8b2aa82b-9e4d-4a61-8e29-c8ad1f3f5805/

Result

Gathering data

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/84577ece-b22f-4b42-9dc1-5717a21088b2

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/aa3f3ba3-9852-444f-bc72-a0a22d50da6e

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1854304

Signature

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/66321062a37720186072c74f329ca866abd7f62989557ec8eb67af201c2aa484

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/66321062a37720186072c74f329ca866abd7f62989557ec8eb67af201c2aa484/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=myzbayvdo4qbqydsy5htfhfim2v5p5rjrfkx5shlm6xsahbkusca._file

Result

Malware family:

n/a

Score:

6/10

Tags:

antivm discovery linux upx

Link:

https://tria.ge/reports/260120-x3lkcagz3a/

Behaviour

Reads runtime system information

Writes file to tmp directory

Changes its process name

Reads system network configuration

Checks hardware identifiers (DMI)

Enumerates active TCP sockets

Enumerates running processes

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	SUSP_ELF_LNX_UPX_Compressed_File Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects a suspicious ELF binary with UPX compression
Reference:	Internal Research