MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 695b8ed0a111423955281e1db7fb926e5c9ef60db1bde4d9c8a0c245cb9e044a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 10



SHA256 hash: 695b8ed0a111423955281e1db7fb926e5c9ef60db1bde4d9c8a0c245cb9e044a
SHA3-384 hash: 4bd3a5061755d4b50751add1e6a662354ab4a7b7aa4ab85831edda6e7e662550b70905735c90ee846fcb07b1468dbac5
SHA1 hash: 3c11b79bf4f0f8b3eb2b44515fee3b20962ea625
MD5 hash: b69a5adfaabfc64bcb6b9e72b09d2941
humanhash: oregon-solar-arizona-white
File name: mips
Signature: Mirai
File size: 105'152 bytes
First seen: 2025-11-05 06:59:47 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 1536:qX4D8cG6ecFe0yYf4/XKFeSKbTE62ztuRo6crdsNbBFBLaezeZC78magO30:S4D8cG69M0yYwIeSKbJ2/rmNbrB98Ia0
TLSH: T190A3C61E6E118FADF7A8823047B79E22935C37D737E1C685E19CD6046E6028E541FFA8
telfhash: t12c214f1c893817e497721dd92bedfb76e56170db4a265e378d00a9adaa2dd424d00c1c
Magika: elf
Reporter: abuse_ch
Tags: elf mirai upx-dec


abuse_ch
UPX decompressed file, sourced from SHA256 55c7bbcc7ea8797f2484fa06186313b85d0bfd834fa851d2ac7f3ea688c5ae13
File size (compressed): 42'216 bytes
File size (decompressed): 105'152 bytes
Format:linux/mips
Packed file: 55c7bbcc7ea8797f2484fa06186313b85d0bfd834fa851d2ac7f3ea688c5ae13
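Added triage example (not MalwareBazaar's or abuse.ch's own tooling): a short Python script that checks a local file against the hashes listed on this entry, derives from the ELF header the class/endianness/machine fields the vendor results report (elf.32.be, mips, ELF32 Big (Exe)), and looks for the "UPX!" marker that the packed parent 55c7bbcc… carries and that this decompressed file should no longer contain. The KNOWN_HASHES set is copied from this entry; the constructed header bytes, the function names and the file-path argument are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Added triage example (not MalwareBazaar code): match a file against this
entry's IOC hashes, derive the ELF class/endianness/machine that the vendor
fields (elf.32.be, mips, ELF32 Big (Exe)) describe, and look for a UPX marker."""
import hashlib
import struct
import sys

# Hashes taken from this entry: the decompressed sample (SHA256/SHA1/MD5) and
# the SHA256 of the UPX-packed parent it was extracted from.
KNOWN_HASHES = {
    "sha256": {
        "695b8ed0a111423955281e1db7fb926e5c9ef60db1bde4d9c8a0c245cb9e044a",
        "55c7bbcc7ea8797f2484fa06186313b85d0bfd834fa851d2ac7f3ea688c5ae13",
    },
    "sha1": {"3c11b79bf4f0f8b3eb2b44515fee3b20962ea625"},
    "md5": {"b69a5adfaabfc64bcb6b9e72b09d2941"},
}

# e_machine / e_type values from the ELF specification (subset common in IoT botnets).
E_MACHINE = {3: "x86", 8: "mips", 20: "ppc", 40: "arm", 62: "x86_64", 183: "aarch64"}
E_TYPE = {1: "REL", 2: "EXEC", 3: "DYN"}
EI_CLASS = {1: "32", 2: "64"}
EI_DATA = {1: "le", 2: "be"}


def elf_summary(data: bytes):
    """Return (file_type, arch, e_type) from the ELF header, e.g. ('elf.32.be', 'mips', 'EXEC')."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in EI_CLASS or ei_data not in EI_DATA:
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    # e_type and e_machine are the two 16-bit fields right after e_ident[16];
    # they are stored in the byte order that EI_DATA declares.
    fmt = ">HH" if ei_data == 2 else "<HH"
    e_type, e_machine = struct.unpack(fmt, data[16:20])
    return (
        f"elf.{EI_CLASS[ei_class]}.{EI_DATA[ei_data]}",
        E_MACHINE.get(e_machine, f"unknown({e_machine})"),
        E_TYPE.get(e_type, f"unknown({e_type})"),
    )


def looks_upx_packed(data: bytes) -> bool:
    """UPX writes its 'UPX!' magic into the loader info block and the trailing
    pack header; a decompressed file such as this entry should not carry it."""
    return b"UPX!" in data


def hash_matches(data: bytes):
    """Return [(algo, hexdigest)] for every hash that matches an IOC on this entry."""
    hits = []
    for algo, known in KNOWN_HASHES.items():
        digest = hashlib.new(algo, data).hexdigest()
        if digest in known:
            hits.append((algo, digest))
    return hits


def make_elf_header(ei_class: int, ei_data: int, e_type: int, e_machine: int) -> bytes:
    """Constructed 20-byte ELF header for offline demonstration (not a real sample)."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    fmt = ">HH" if ei_data == 2 else "<HH"
    return ident + struct.pack(fmt, e_type, e_machine)


def triage(data: bytes) -> dict:
    """Combine the three checks into one report."""
    return {
        "elf": elf_summary(data),
        "upx_marker": looks_upx_packed(data),
        "ioc_hits": hash_matches(data),
    }


if __name__ == "__main__":
    # Usage: python3 triage.py <file>; with no argument, run on a constructed
    # big-endian MIPS header that mirrors this entry's elf.32.be / mips fields.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_elf_header(1, 2, 2, 8)
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

Run it against the real decompressed sample and you expect a SHA256/SHA1/MD5 hit, elf.32.be with machine mips, and no UPX marker; run it against the packed parent and you expect only the SHA256 hit plus the UPX marker, since UPX rewrites the program headers but keeps the same class, endianness and machine.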

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: NL
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour
Connection attempt
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: mips
Packer: not packed
Botnet: unknown
Number of open files: 0
Number of processes launched: 1
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s): not identified
UDP botnet C2(s): not identified
Verdict: Malicious
File Type: elf.32.be
First seen: 2025-11-05T04:10:00Z UTC
Last seen: 2025-11-05T05:11:00Z UTC
Hits: ~10
Detections: HEUR:Backdoor.Linux.Mirai.b
Status: terminated
Behavior Graph (process tree):
  /usr/bin/sudo (pid 2914)
    execve -> /tmp/sample.bin (pid 2920)
      clone -> /usr/bin/dash (pid 2924)
Result
Threat name:
Detection: malicious
Classification: troj
Score: 64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Behaviour
Behavior Graph ID: 1808345
Sample: mips.elf
Start date: 05/11/2025
Architecture: LINUX
Score: 64
Network contact: 34.254.182.186 port 443 (local port 54652), AMAZON-02, United States
Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Mirai
Processes started: dash rm, dash cut, dash head, and 8 other processes
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-11-05 07:01:58 UTC
File Type: ELF32 Big (Exe)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai defense_evasion discovery
Behaviour
System Network Configuration Discovery
Modifies Watchdog functionality
Verdict: Malicious
Tags: Unix.Trojan.Mirai-10017641-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (Distributed via web download)
Signature: Mirai
Sample: elf 695b8ed0a111423955281e1db7fb926e5c9ef60db1bde4d9c8a0c245cb9e044a (this sample)

Comments