MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dbd2fea29bc0d9174b2ec9073e5b6b8701b8b1e17c5493dcf7d7c299153efb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8dbd2fea29bc0d9174b2ec9073e5b6b8701b8b1e17c5493dcf7d7c299153efb9
SHA3-384 hash: 115d1325e02e830a10faab98ec122af006c93db25aed283c30548696a8847034d24c1d85ddaf0b1d1728c7049541c963
SHA1 hash: b6742c6ff1d170515503626eedc880b6d89aa7f0
MD5 hash: 7d66ace79523ab8e869d2572f599abc9
humanhash: yankee-carpet-hamper-kitten
File name:powerpc.uhavenobotsxd
Download: download sample
Signature Mirai
Create hunting rule
File size:95'540 bytes
First seen:2026-01-02 02:06:27 UTC
Last seen:2026-01-02 23:59:42 UTC
File type: elf
MIME type:application/x-executable
ssdeep 1536:/h7Ba07C0k4mJNx6HLYLGT3yJp+TxVOqi3Cw9F1ga:/9T7w5Nx6HLdI+dV95a
TLSH T191936D02F31C0A03E1A76DB47F3F27D1D39AAA9112F4E649240FBB499071A32655AEDD
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
2
# of downloads :
107
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.30455.LC.BadVar.UNOFFICIAL
Create hunting rule

Unix.Trojan.Mirai-10001386-0
Create hunting rule

Unix.Trojan.Mirai-10010119-0
Create hunting rule

Unix.Trojan.Mirai-10010127-0
Create hunting rule

Unix.Trojan.Mirai-10017351-0
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
gafgyt mirai
Link:
https://www.filescan.io/uploads/6957284e127d6a14e0cbc340/reports/ab64937a-0456-4d63-bda5-356a82355db6/overview
Verdict:
Malicious
File Type:
elf.32.be
First seen:
2026-01-01T18:24:00Z UTC
Last seen:
2026-01-02T03:42:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/8dbd2fea29bc0d9174b2ec9073e5b6b8701b8b1e17c5493dcf7d7c299153efb9/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/5073ee82-4a11-4fbd-a523-e904925d42e4
Behavior Graph:
Download SVG
%3 guuid=8d20aa9d-1700-0000-036e-9cb82b0b0000 pid=2859 /usr/bin/sudo guuid=3e732a9f-1700-0000-036e-9cb8310b0000 pid=2865 /tmp/sample.bin guuid=8d20aa9d-1700-0000-036e-9cb82b0b0000 pid=2859->guuid=3e732a9f-1700-0000-036e-9cb8310b0000 pid=2865 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a930c09e-1400-4db4-8325-bdf6b2e8f8b8
Result
Threat name:
n/a
Detection:
malicious
Classification:
spre.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1843407
Signature
Drops files in suspicious directories
Drops invisible ELF files
Executes the "crontab" command typically for achieving persistence
Modifies the '.bashrc' or '.bash_profile' file typically for persisting actions
Multi AV Scanner detection for submitted file
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using cron
Sample tries to persist itself using System V runlevels
Sample tries to set files in /etc globally writable
Terminates several processes with shell command 'killall'
Writes identical ELF files to multiple locations
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1843407 Sample: powerpc.uhavenobotsxd.elf Startdate: 02/01/2026 Architecture: LINUX Score: 100 90 Multi AV Scanner detection for submitted file 2->90 10 powerpc.uhavenobotsxd.elf 2->10         started        process3 signatures4 92 Sample tries to kill multiple processes (SIGKILL) 10->92 94 Sample reads /proc/mounts (often used for finding a writable filesystem) 10->94 13 powerpc.uhavenobotsxd.elf 10->13         started        process5 file6 82 /var/spool/cron/root, ASCII 13->82 dropped 84 /var/spool/cron/crontabs/root, ASCII 13->84 dropped 86 /root/.bashrc, ASCII 13->86 dropped 88 11 other files (10 malicious) 13->88 dropped 114 Sample tries to set files in /etc globally writable 13->114 116 Sample tries to persist itself using /etc/profile 13->116 118 Drops files in suspicious directories 13->118 120 4 other signatures 13->120 17 powerpc.uhavenobotsxd.elf sh 13->17         started        19 powerpc.uhavenobotsxd.elf sh 13->19         started        21 powerpc.uhavenobotsxd.elf sh 13->21         started        23 79 other processes 13->23 signatures7 process8 process9 25 sh cp 17->25         started        29 sh crontab 19->29         started        31 sh 19->31         started        33 sh cp 21->33         started        35 sh cp 23->35         started        37 sh cp 23->37         started        39 sh rm 23->39         started        41 78 other processes 23->41 file10 72 /usr/bin/.update, ELF 25->72 dropped 96 Writes identical ELF files to multiple locations 25->96 98 Drops invisible ELF files 25->98 100 Drops files in suspicious directories 25->100 74 /var/spool/cron/crontabs/tmp.vH5C2s, ASCII 29->74 dropped 102 Sample tries to persist itself using cron 29->102 104 Executes the "crontab" command typically for achieving persistence 29->104 43 sh crontab 31->43         started        76 /boot/.update, ELF 33->76 dropped 78 /var/jbx/shared/.update, ELF 35->78 dropped 80 /var/log/.update, ELF 37->80 dropped 106 Sample deletes itself 39->106 108 Sample tries to kill multiple processes (SIGKILL) 41->108 110 Terminates several processes with shell command 'killall' 41->110 46 S99backup0 41->46         started        48 S99backup1 41->48         started        50 S99backup2 41->50         started        52 6 other processes 41->52 signatures11 process12 signatures13 112 Executes the "crontab" command typically for achieving persistence 43->112 54 S99backup0 .update 46->54         started        64 5 other processes 46->64 56 S99backup1 .update 48->56         started        66 5 other processes 48->66 58 S99backup2 .update 50->58         started        68 5 other processes 50->68 60 S99network .update 52->60         started        62 .monitor .update 52->62         started        70 10 other processes 52->70 process14
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/8dbd2fea29bc0d9174b2ec9073e5b6b8701b8b1e17c5493dcf7d7c299153efb9
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/8dbd2fea29bc0d9174b2ec9073e5b6b8701b8b1e17c5493dcf7d7c299153efb9/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-01-01 23:18:43 UTC
AV detection:
16 of 38 (42.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rw6s72rjxqgzc5fs5sihhznwxbybxcy6c7cuspoppv6ctekt564q._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260102-cj6qysypbr/
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-10001386-0
YARA:
n/a
Link:
https://app.threat.zone/submission/9c91cb50-3b4f-4343-83bb-71f82e687c1c
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8dbd2fea29bc0d9174b2ec9073e5b6b8701b8b1e17c5493dcf7d7c299153efb9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202503_elf_Mirai
Create hunting rule
Author:abuse.ch
Description:Detects Mirai 'TSource' ELF files
Rule name:ELF_IoT_Persistence_Hunt
Create hunting rule
Author:4r4
Description:Hunts for ELF files with persistence and download capabilities
Rule name:ELF_Toriilike_persist
Create hunting rule
Author:4r4
Description:Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:Identified via researched data
Rule name:enterpriseapps2
Create hunting rule
Author:Tim Brown @timb_machine
Description:Enterprise apps
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 8dbd2fea29bc0d9174b2ec9073e5b6b8701b8b1e17c5493dcf7d7c299153efb9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3686380/
  
Delivery method
Distributed via web download

Comments