MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fdcef2cebf753fc3860beb0360d1df405d91af69532839f123d54849c656afe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 12 File information Comments

SHA256 hash:	7fdcef2cebf753fc3860beb0360d1df405d91af69532839f123d54849c656afe
SHA3-384 hash:	bdd7e7b8e55270716a2c913398e43e2650a460fa7c4596357cd40779ca340d33a95944556e63bcf5755940192b84eea0
SHA1 hash:	eef8bfe20dcd05d648c7780eb0e6b89fbd8ceb76
MD5 hash:	b1be15def2608556a701718cd2a64dc8
humanhash:	stairway-mars-minnesota-montana
File name:	boatnet.x86_64
Download:	download sample
Signature	Mirai Create hunting rule
File size:	59'688 bytes
First seen:	2026-04-27 23:26:04 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	768:rIseKUk5B5OKA4vmpK5zoSjLyw1plFG3Kk7pKr1IxDvIGS/s3qUVG+3RddWZIGuC:9UulCpQoS3plac1I1IG6sPVD3PsZBuM
TLSH	T1BF438E13A580D0FDC8DBC1784BAFA229E5B3747A5271B31E27C4EE262E6DE516E0D740
telfhash	t1a12122717a1a2cd574fbf926b749e2608cb40d7204e031eae672b6f9ef187400977866
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 3fa092682741365d3704f8692f28e19d890c8d4bc76bca53e23cd874ed09897c

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	34'320 bytes
File size (de-compressed) :	59'688 bytes
Format:	linux/amd64
Packed file:	3fa092682741365d3704f8692f28e19d890c8d4bc76bca53e23cd874ed09897c

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

Unix.Dropper.Mirai-7540662-0

Result

Verdict:

Clean

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

mirai obfuscated soft-404

Link:

https://www.filescan.io/uploads/69eff0a38a82359247b646ee/reports/1e53d9b0-b5e7-4efe-9b11-1155a10598fa/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

x86

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/7fdcef2cebf753fc3860beb0360d1df405d91af69532839f123d54849c656afe

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Verdict:

Unknown

File Type:

elf.64.le

Link:

https://opentip.kaspersky.com/7fdcef2cebf753fc3860beb0360d1df405d91af69532839f123d54849c656afe/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/d6344783-ca5e-43e9-9abf-b323598a5514

Behavior Graph:

Download SVG

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/3e9a5cc0-8922-44b2-857a-9d698e626f9d

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/7fdcef2cebf753fc3860beb0360d1df405d91af69532839f123d54849c656afe

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/7fdcef2cebf753fc3860beb0360d1df405d91af69532839f123d54849c656afe/

Threat name:

Linux.Trojan.Qwexlafiba

Status:

Malicious

First seen:

2026-04-27 23:26:36 UTC

File Type:

ELF64 Little (Exe)

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=p7oo6lhl65j7yodax2ydmdi56qc5sgxwsuzihhyshvkijhdfnl7a._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/260427-3e3rlsev5n/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.93

Link:

https://yomi.yoroi.company/submissions/7fdcef2cebf753fc3860beb0360d1df405d91af69532839f123d54849c656afe

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data

Rule name:	Linux_Trojan_Gafgyt_0cd591cd Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Gafgyt_33b4111a Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Gafgyt_620087b9 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Gafgyt_807911a2 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Gafgyt_9e9530a7 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Gafgyt_a33a8363 Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Gafgyt_d0c57a2e Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Gafgyt_d4227dbf Create hunting rule
Author:	Elastic Security

Rule name:	Linux_Trojan_Gafgyt_d996d335 Create hunting rule
Author:	Elastic Security

Rule name:	meth_stackstrings Create hunting rule
Author:	Willi Ballenthin

Rule name:	TH_Generic_MassHunt_Linux_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Generic Linux malware mass-hunt rule - 2026
Reference:	https://cyfare.net/