MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8efed2d5a6e7a3a280585b2027575f40046231c2ec0661e7f916c1a2a561a19b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8efed2d5a6e7a3a280585b2027575f40046231c2ec0661e7f916c1a2a561a19b
SHA3-384 hash: ff6cc2ce6b1f527de669db79af0a2ce1fc58fa402ec758da6980876277658951ddf01284ea2dbef3ec43117758079cc7
SHA1 hash: 975894ed22b24bdc2084831a9d60e795a8ef0bd6
MD5 hash: c17565278449d03607dba3abae049e64
humanhash: earth-social-wolfram-king
File name:xnxnxnxnxnxnxnxnpowerpcxnxn
Download: download sample
Signature Mirai
Create hunting rule
File size:67'600 bytes
First seen:2025-11-25 12:01:26 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:JxWH8l54+XcBdP1MILm3H3n1eifn5kC+I2gm6pptya1u3rPJ:JxWHslX8+Pllf7W6Vu3rPJ
TLSH T1856302FC2123E98CC4430239206E5B140114AF7EC14783E97F6FD6F465E31D0A8ABBAA
Magika elf
Reporter abuse_ch
Tags:elf UPX
File size (compressed) :67'600 bytes
File size (de-compressed) :197'320 bytes
Format:linux/ppc32
Unpacked file: e78db0e35f902a59d3306f5febe68b426043a83af8d2bcf64cdb9a62680cbd32

Intelligence

File Origin
# of uploads :
1
# of downloads :
151
Origin country :
DE DE
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Runs as daemon
Kills processes
Receives data from a server
Locks files
Sends data to a server
DNS request
Creating a file
Creating a file in the %temp% directory
Connection attempt
Substitutes an application name
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
gafgyt packed upx
Link:
https://www.filescan.io/uploads/69259acb64d3c67c614af42a/reports/b1ac79c0-4a4c-4997-a958-686f2e125296/overview
Verdict:
Malicious
File Type:
elf.32.be
First seen:
2025-11-25T12:13:00Z UTC
Last seen:
2025-11-25T22:11:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/8efed2d5a6e7a3a280585b2027575f40046231c2ec0661e7f916c1a2a561a19b/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/f599b128-d81c-421d-b7ff-eb536844b891
Behavior Graph:
Download SVG
%3 guuid=4cba57b6-1900-0000-3fbe-3b8d70090000 pid=2416 /usr/bin/sudo guuid=ed68c6b8-1900-0000-3fbe-3b8d77090000 pid=2423 /tmp/sample.bin guuid=4cba57b6-1900-0000-3fbe-3b8d70090000 pid=2416->guuid=ed68c6b8-1900-0000-3fbe-3b8d77090000 pid=2423 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/926dae9d-ce3e-4734-8224-71a001aba7db
Result
Threat name:
n/a
Detection:
suspicious
Classification:
evad
Score:
21 / 100
Link:
https://www.joesandbox.com/analysis/1820480
Signature
Sample is packed with UPX
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/8efed2d5a6e7a3a280585b2027575f40046231c2ec0661e7f916c1a2a561a19b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8efed2d5a6e7a3a280585b2027575f40046231c2ec0661e7f916c1a2a561a19b/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-11-25 12:02:21 UTC
File Type:
ELF32 Big (Exe)
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r37nfvng46r2facylmqcov27iacgemoc5qdgdz7zc3a2fjlbugnq._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
linux upx
Link:
https://tria.ge/reports/251125-n7laps1lgv/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/1d36fa4a-6c33-44cb-8b91-e92ac1b73559
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8efed2d5a6e7a3a280585b2027575f40046231c2ec0661e7f916c1a2a561a19b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 8efed2d5a6e7a3a280585b2027575f40046231c2ec0661e7f916c1a2a561a19b

(this sample)

Mirai

elf e78db0e35f902a59d3306f5febe68b426043a83af8d2bcf64cdb9a62680cbd32

  
URLhaus
https://urlhaus.abuse.ch/url/3713390/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 e78db0e35f902a59d3306f5febe68b426043a83af8d2bcf64cdb9a62680cbd32
  
Dropping
MD5 55b350247db0cab8dbe7570d3dba2e83
  
URLhaus
https://urlhaus.abuse.ch/url/3713405/

Comments