MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68e191a2cc8acf6469dc9c4a588ff8c753a79d4a088ff47b65d5be6935249919. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	68e191a2cc8acf6469dc9c4a588ff8c753a79d4a088ff47b65d5be6935249919
SHA3-384 hash:	f7f44aa54e13b1e13d18d4d5ede7801f4e81c43b6230a3be983fff638434cecc74473c2d54b1f7ac0a79da86f3b4bf9d
SHA1 hash:	20dd281c28aad8901090db0c69f9e8b117a47e88
MD5 hash:	45d7a47e7db1f647a3f2b05fa51ddcfa
humanhash:	grey-minnesota-comet-winner
File name:	armv5l
Download:	download sample
Signature	Mirai Create hunting rule
File size:	66'696 bytes
First seen:	2025-11-01 10:31:27 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:sv87WGgxDv2OQyo3SQBGOattyLNKs56mzOXJpuVfDUSiH:svk1gRvZQyxn1ygsAofM
TLSH	T1F4531890BD816A22C6E42276FB2E418E331553A8D2DF7317CD22AF157BCA95B0E77701
telfhash	t1e531fb71ce881fdc73e143c5428e522ad69932fc570236a89fac3b9f05239e1f06943a
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 ce14f6734aca617f41906ff32c6a98787126e826d70b1f04608df19d7d92383f

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	31'984 bytes
File size (de-compressed) :	66'696 bytes
Format:	linux/arm
Packed file:	ce14f6734aca617f41906ff32c6a98787126e826d70b1f04608df19d7d92383f

Intelligence

File Origin

# of uploads :

# of downloads :

112

Origin country :

Vendor Threat Intelligence

Result

Verdict:

Clean

Maliciousness:

Gathering data

Verdict:

Malicious

File Type:

elf.32.le

First seen:

2025-11-01T08:21:00Z UTC

Last seen:

2025-11-01T13:01:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/68e191a2cc8acf6469dc9c4a588ff8c753a79d4a088ff47b65d5be6935249919/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/85c230ad-c898-4f18-a296-ba3c95e944a3

Behavior Graph:

Download SVG

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4e90382c-616d-4888-98c6-bf7edf208f99

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1806251

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/68e191a2cc8acf6469dc9c4a588ff8c753a79d4a088ff47b65d5be6935249919

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/68e191a2cc8acf6469dc9c4a588ff8c753a79d4a088ff47b65d5be6935249919/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-11-01 10:36:36 UTC

File Type:

ELF32 Little (Exe)

AV detection:

14 of 24 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ndqzdiwmrlhwi2o4trffrd7yy5j2phkkbch7i63f2w7gsnjetemq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai

Link:

https://tria.ge/reports/251101-mmtwnssjfj/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/68e191a2cc8acf6469dc9c4a588ff8c753a79d4a088ff47b65d5be6935249919

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.