MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86490006aeb6706694c1b51ae60abfd4069e6ff5d86fdb76c3b09650fbbb0ff7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 86490006aeb6706694c1b51ae60abfd4069e6ff5d86fdb76c3b09650fbbb0ff7
SHA3-384 hash: dbfc7f02a2807b6eba159357add5267d8ef938be2792218dca22c9f73d616aa4324527dc7d8c65f055430d7c6d113268
SHA1 hash: ae54381d067844a33577c2b1a634923d24d5e9c4
MD5 hash: 67126810c0594838dbddcbe3366c2851
humanhash: sink-louisiana-blue-august
File name:MIPS
Download: download sample
Signature Mirai
Create hunting rule
File size:2'059'244 bytes
First seen:2026-02-25 16:12:16 UTC
Last seen:2026-02-25 17:40:36 UTC
File type: elf
MIME type:application/x-executable
ssdeep 49152:Ug1jGKMvRIHGI8FGDWCOxz51Vrtdr4YyzUlBnwn:31j2+R8dCOxzVrbcYuUlRa
TLSH T18E9533CD507ED1F2DDADB8BFCAFA0270CD61E729850F385958C9B6263606418BD0B396
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf UPX
File size (compressed) :2'059'244 bytes
File size (de-compressed) :9'044'147 bytes
Format:linux/mips
Unpacked file: 56b57f5d1c1c0650ec97cd8c6e6acb80462deee5c0ae8250ebb4d3bbf9a2fbb9

Intelligence

File Origin
# of uploads :
3
# of downloads :
98
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Changes access rights for a written file
Sends data to a server
Launching a process
Creating a file in the %temp% directory
Collects information on the CPU
Receives data from a server
Creating a file
Collects information on the OS
Runs as daemon
Creating a process from a recently created file
Changes the time when the file was created, accessed, or modified
Creates or modifies files in /cron to set up autorun
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
UPX
Botnet:
unknown
Number of open files:
50
Number of processes launched:
12
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/86490006aeb6706694c1b51ae60abfd4069e6ff5d86fdb76c3b09650fbbb0ff7
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Gathering data
Verdict:
Unknown
File Type:
elf.32.be
Link:
https://opentip.kaspersky.com/86490006aeb6706694c1b51ae60abfd4069e6ff5d86fdb76c3b09650fbbb0ff7/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/2ee9f745-4da5-4b0e-b392-1dbb6434bb69
Behavior Graph:
Download SVG
%3 guuid=c97f563a-1c00-0000-fff3-2c2f9c0a0000 pid=2716 /usr/bin/sudo guuid=31df303c-1c00-0000-fff3-2c2fa30a0000 pid=2723 /tmp/sample.bin guuid=c97f563a-1c00-0000-fff3-2c2f9c0a0000 pid=2716->guuid=31df303c-1c00-0000-fff3-2c2fa30a0000 pid=2723 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/83fd2cb6-99b3-422a-9b91-851cc68fb43a
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1874833
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/86490006aeb6706694c1b51ae60abfd4069e6ff5d86fdb76c3b09650fbbb0ff7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/86490006aeb6706694c1b51ae60abfd4069e6ff5d86fdb76c3b09650fbbb0ff7/
Threat name:
Linux.PUA.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-25 16:13:41 UTC
File Type:
ELF32 Big (Exe)
AV detection:
3 of 36 (8.33%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qzeqabvowzygnfgbwunomcv72qdj437v3bx5w5wdwclfb653b73q._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery execution persistence privilege_escalation upx
Link:
https://tria.ge/reports/260225-tns44acy7h/
Behaviour
GoLang User-Agent
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Reads CPU attributes
Creates/modifies Cron job
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/86490006aeb6706694c1b51ae60abfd4069e6ff5d86fdb76c3b09650fbbb0ff7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 86490006aeb6706694c1b51ae60abfd4069e6ff5d86fdb76c3b09650fbbb0ff7

(this sample)

Mirai

elf 56b57f5d1c1c0650ec97cd8c6e6acb80462deee5c0ae8250ebb4d3bbf9a2fbb9

  
URLhaus
https://urlhaus.abuse.ch/url/3785556/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3785571/
  
Dropping
SHA256 56b57f5d1c1c0650ec97cd8c6e6acb80462deee5c0ae8250ebb4d3bbf9a2fbb9
  
Dropping
MD5 802ea96078b09cf30451c57fb7553ff8

Comments