MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ab64102d7c4b53750add9a5505a4b67d5144642dd78b8b2ec90029d6920e1b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 10

Intelligence 10 IOCs YARA 11 File information Comments

SHA256 hash:	7ab64102d7c4b53750add9a5505a4b67d5144642dd78b8b2ec90029d6920e1b6
SHA3-384 hash:	255cf4511dde54e9fbf14bdd60b350d7f8f086a12726b158acb47095f78a635c848ba531d150855134d01144f91f2b8f
SHA1 hash:	859e132265abba999f44b66c042c3afc9f1cd0f9
MD5 hash:	f65e2d4abb6222c6d35047130dd23238
humanhash:	california-oregon-jig-yellow
File name:	Yboats.mips
Download:	download sample
Signature	Mirai Create hunting rule
File size:	156'624 bytes
First seen:	2025-12-03 12:25:40 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	3072:rVVUXBxNVUPEtdM8yeuL9OCHntjzYeWvMHl5OlCbAgeYuA:roBxNVW5LpntjzYCHfOEwA
TLSH	T15DE3B60E7E219F7DF7AD863507B78E24635833D622E1D284E16CE9111EA038E642FF95
telfhash	t10f21a74c4a7412e067311c9e2adeff77d1a130df6b225d378e11a46db7ad8424e10c1c
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 025b91b0113ab068d7465001b42aff05895b521a0f69e4398493be6fc7771cd0

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	46'180 bytes
File size (de-compressed) :	156'624 bytes
Format:	linux/mips
Packed file:	025b91b0113ab068d7465001b42aff05895b521a0f69e4398493be6fc7771cd0

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

Mirai

Details

Mirai

an XOR decryption key and at least a c2 socket address

Detection(s):

Sanesecurity.Malware.29502.LC.UNOFFICIAL

Sanesecurity.Malware.30442.LC.UNOFFICIAL

Sanesecurity.Malware.29524.LC.UNOFFICIAL

Sanesecurity.Malware.30455.LC.BadVar.UNOFFICIAL

Unix.Dropper.Mirai-7135870-0

Unix.Dropper.Mirai-7135906-0

Unix.Dropper.Mirai-7135966-0

Unix.Dropper.Mirai-7135979-0

Unix.Dropper.Mirai-7135980-0

Unix.Dropper.Mirai-7171384-0

Unix.Dropper.Mirai-7355719-0

Unix.Trojan.Mirai-9935718-0

Unix.Trojan.Mirai-9945193-0

Unix.Trojan.Mirai-9946826-0

Unix.Dropper.Mirai-9977145-0

Unix.Dropper.Mirai-10008433-0

Unix.Trojan.Mirai-10017641-0

Unix.Trojan.Mirai-10028946-0

Unix.Trojan.Gafgyt-6748839-0

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

bash lolbin masquerade mirai obfuscated

Link:

https://www.filescan.io/uploads/69302c69581354efeadb32bb/reports/868ec291-3ee5-464d-8db6-8489c0a943b5/overview

Result

Gathering data

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/e44a8991-16c7-4625-bcd8-6c765dcc2828

Result

Threat name:

Mirai, Okiru

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1825326

Signature

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample deletes itself

Yara detected Mirai

Yara detected Okiru

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/7ab64102d7c4b53750add9a5505a4b67d5144642dd78b8b2ec90029d6920e1b6

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/7ab64102d7c4b53750add9a5505a4b67d5144642dd78b8b2ec90029d6920e1b6/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-12-03 12:26:20 UTC

File Type:

ELF32 Big (Exe)

AV detection:

23 of 36 (63.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pk3ecawxys2toufn3gsvawslm7krirsc3v4lrmxmsabj22ja4g3a._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai discovery

Link:

https://tria.ge/reports/251203-pmbq7sxjhw/

Behaviour

System Network Configuration Discovery

Deletes itself

Gathering data

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.84

Link:

https://yomi.yoroi.company/submissions/7ab64102d7c4b53750add9a5505a4b67d5144642dd78b8b2ec90029d6920e1b6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CVE_2017_17215 Create hunting rule
Author:	NDA0E
Description:	Detects exploitation attempt of CVE-2017-17215

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants

Rule name:	iot_req_metachar Create hunting rule

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	Linux_Generic_Threat_1ac392ca Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Generic_Threat_3bcc1630 Create hunting rule
Author:	Elastic Security

Rule name:	MAL_ELF_LNX_Mirai_Oct10_1 Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects ELF Mirai variant
Reference:	Internal Research

Rule name:	MAL_ELF_LNX_Mirai_Oct10_1_RID2F39 Create hunting rule
Author:	Florian Roth
Description:	Detects ELF Mirai variant
Reference:	Internal Research

Rule name:	SUSP_XORed_Mozilla_Oct19 Create hunting rule
Author:	Florian Roth
Description:	Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Reference:	https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()

Rule name:	SUSP_XORed_Mozilla_RID2DB4 Create hunting rule
Author:	Florian Roth
Description:	Detects suspicious XORed keyword - Mozilla/5.0
Reference:	Internal Research