MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6936b7e1bacd7edc3383f72c44dbb2763dd06eb3c71425e9658aa582b8d7e7cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments

SHA256 hash: 6936b7e1bacd7edc3383f72c44dbb2763dd06eb3c71425e9658aa582b8d7e7cd
SHA3-384 hash: fd1000f5986d1ab0bf9f927b43f9033fb572fe24fca01de75a01bbcda5f3842b24297095337752b930d16d81494ad017
SHA1 hash: 1119371b3a52e7d98ae5065afa3e3a9919614427
MD5 hash: 482ad9987d5e93ab0dfaeadef4197b97
humanhash: tennis-december-dakota-mississippi
File name:abzutimdw
Download: download sample
Signature Mirai
File size:243'764 bytes
First seen:2026-07-14 13:14:44 UTC
Last seen:Never
File type: elf
MIME type:application/x-sharedlib
ssdeep 6144:xJquIlmsq7/xIuCZ8QbLOBYGc4uMbwrEvC21blvkx:xcmrsZNLOvc4uMbwoq2Lkx
TLSH T1343422C4AB85B91B1CB366FD0E1E097A2DE66AF84EC506D14318339C623525225F35FF
Magika elf
Reporter abuse_ch
Tags:elf mirai UPX
File size (compressed) :243'764 bytes
File size (de-compressed) :526'068 bytes
Format:linux/ppc32
Unpacked file: 00fe8b5f1686eb713878177f730fe85c79b110fa3dd67ed26d190860a5fae0b1

Intelligence


File Origin
# of uploads :
1
# of downloads :
64
Origin country :
DE DE
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Deletes a file
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
packed upx
Status:
terminated
Behavior Graph:
%3 guuid=87f00260-1900-0000-7a03-4b122d140000 pid=5165 /usr/bin/sudo guuid=72f52563-1900-0000-7a03-4b122e140000 pid=5166 /tmp/sample.bin guuid=87f00260-1900-0000-7a03-4b122d140000 pid=5165->guuid=72f52563-1900-0000-7a03-4b122e140000 pid=5166 execve
Result
Threat name:
Detection:
malicious
Classification:
troj.evad
Score:
56 / 100
Signature
Sample is packed with UPX
Spawns processes using file descriptor names (likely to hide the executable path or fileless malware)
Yara detected Mirai
Behaviour
Behavior Graph:
Result
Malware family:
n/a
Score:
  5/10
Tags:
linux upx
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:upx_packed_elf_v1
Author:RandomMalware

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 6936b7e1bacd7edc3383f72c44dbb2763dd06eb3c71425e9658aa582b8d7e7cd

(this sample)

  
Delivery method
Distributed via web download

Comments