MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d65e75bbf5d6bb85264473ac2bb8b6066c06cd119ed770bc15b4f1644dd6c98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 8d65e75bbf5d6bb85264473ac2bb8b6066c06cd119ed770bc15b4f1644dd6c98
SHA3-384 hash: 5b7d6cbc1cf5187f2a1b0334b806648f7ff7cf03924a48875f4817ddbd2389b2c623eb7b880303d2ed67efba244b2a8e
SHA1 hash: a7152add25fb10451745f1c2f2e58bd50a124460
MD5 hash: 660a71cbcfa4b40b33e9ea47732d6302
humanhash: ink-tango-moon-pennsylvania
File name: agent_main_dump
Signature: Mirai
File size: 71'624 bytes
First seen: 2026-04-28 17:33:40 UTC
Last seen: Never
File type: elf
MIME type: application/x-sharedlib
ssdeep: 1536:BYxXJPA83xLd1ZWGXVAOH0Su8YWppUaFjl:BU5n3VZWGlA68sUaFh
TLSH: T182633A07F99394BDC9C68730864F9132BA7178B597226E7F36009B752D12F581B2EF22
telfhash: t13bf0520aaa3c499d0ae35d708c6947965043e2335427e22aff22efc0943f840f50884f
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
TrID: 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika: elf
Reporter: abuse_ch
Tags: elf, mirai, upx-dec


abuse_ch
UPX decompressed file, sourced from SHA256 6ecb67bebce635ef12428803015b06586d1cfe5519504baefc3cc0b927b85699
File size (compressed): 34'540 bytes
File size (de-compressed): 71'624 bytes
Format: linux/amd64
Packed file: 6ecb67bebce635ef12428803015b06586d1cfe5519504baefc3cc0b927b85699

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: NL
Vendor Threat Intelligence
No detections
Result
Verdict: Clean
Maliciousness:

Behaviour: Connection attempt, DNS request
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: gcc
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 3207) -> /tmp/sample.bin (pid 3213): execve
/tmp/sample.bin (pid 3213) -> /tmp/sample.bin (pid 3215): clone
/tmp/sample.bin (pid 3213) -> /tmp/sample.bin (pid 3216, net send-data): clone
/tmp/sample.bin (pid 3216) -> 43.139.81.96:443: con
/tmp/sample.bin (pid 3216) -> 8.8.8.8:53: send: 56B
Threat name: Linux.Trojan.Qwexlafiba
Status: Malicious
First seen: 2026-04-28 17:34:41 UTC
File Type: ELF64 Little (SO)
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MD5_Constants
Author: phoul (@phoul)
Description: Look for MD5 constants

Rule name: setsockopt
Author: Tim Brown @timb_machine
Description: Hunts for setsockopt() red flags

Rule name: unixredflags3
Author: Tim Brown @timb_machine
Description: Hunts for UNIX red flags

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Mirai

elf 8d65e75bbf5d6bb85264473ac2bb8b6066c06cd119ed770bc15b4f1644dd6c98

(this sample)
