MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9df642b7dfda8641fa3ea66ee98e7179865f3a080d64a2b72eaf5188570a5b46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments

SHA256 hash: 9df642b7dfda8641fa3ea66ee98e7179865f3a080d64a2b72eaf5188570a5b46
SHA3-384 hash: 21d5dad12d6519d5cc560bc756f0e9a0a1d2b45a0e64439719d205218f487e660f211033e35d55b068b9f9f76d0b00d2
SHA1 hash: 102631d7404960fb1f85f1477390a0d61349c746
MD5 hash: db10e3663a49551498d08e0d47e71aaa
humanhash: helium-india-nebraska-blue
File name:Services.apk
Download: download sample
Signature Mirai
File size:960'009 bytes
First seen:2026-07-17 18:19:25 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 12288:G3OvmxrmQ5E+dfXNNMWcg5602ivkxuWpjUdKRwt2GqH/Z6NWVtJGbRL2+pFYSuxf:QcYEGVNsgFbWMKRX1TJGbouOxf
TLSH T12715231AB18CAE14E87E0FB6CD5EB11BB769038715397F19EDD25901B3863AC07722C6
TrID 77.1% (.JAR) Java Archive (13500/1/2)
22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter BlinkzSec
Tags:mirai signed

Code Signing Certificate

Organisation:Android Debug
Issuer:Android Debug
Algorithm:sha256WithRSAEncryption
Valid from:2026-06-26T22:25:15Z
Valid to:2056-06-18T22:25:15Z
Serial number: 01
Intelligence: 465 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist:This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:SHA256
Thumbprint: d19038280f973a43b1f7ead251fc30efb53f59a9ff470faa5085cad89eb2f9c9
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads :
1
# of downloads :
66
Origin country :
IN IN
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
evasive mirai persistence signed
Result
Application Permissions
act as an account authenticator (AUTHENTICATE_ACCOUNTS)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
full Internet access (INTERNET)
prevent phone from sleeping (WAKE_LOCK)
view network status (ACCESS_NETWORK_STATE)
view Wi-Fi status (ACCESS_WIFI_STATE)
read sync settings (READ_SYNC_SETTINGS)
write sync settings (WRITE_SYNC_SETTINGS)
Verdict:
Malicious
File Type:
apk
First seen:
2026-07-17T13:52:00Z UTC
Last seen:
2026-07-18T07:41:00Z UTC
Hits:
~10
Threat name:
Linux.Worm.Mirai
Status:
Malicious
First seen:
2026-07-17 18:18:34 UTC
File Type:
Binary (Archive)
Extracted files:
20
AV detection:
12 of 36 (33.33%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  6/10
Tags:
android defense_evasion execution persistence
Behaviour
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Acquires the wake lock
Makes use of the framework's foreground persistence service
Requests disabling of battery optimizations (often used to enable hiding in the background).
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:elf_arm_mips_ko_so
Rule name:Jeevan_Malware_Rewards
Author:ShriTiger
Description:Detects JeevanReward variants using Technical, Anti-Analysis, and Indian SE keywords
Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

apk 9df642b7dfda8641fa3ea66ee98e7179865f3a080d64a2b72eaf5188570a5b46

(this sample)

  
Delivery method
Distributed via web download

Comments