MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ecddb78e303ba6a90cbbfc6c291ebe2257d8f140d467d51d354f6f062c56184. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9ecddb78e303ba6a90cbbfc6c291ebe2257d8f140d467d51d354f6f062c56184
SHA3-384 hash: ef0a66de9e67853df6d3ca7a963e568241e1a17980aac5acb892a2a2c2b7e81149103f11fe22f2f1295f2f34c50395c3
SHA1 hash: 15e85562928da6bfd17b953ce3d3bae76fa99700
MD5 hash: ec7bb0d2e90da3cdbaab6020d706e06a
humanhash: saturn-leopard-one-seventeen
File name:kswapd1
Download: download sample
Signature Mirai
Create hunting rule
File size:2'119'320 bytes
First seen:2026-02-18 18:59:38 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 49152:qaer0wkZSetpKlADM0NC5GLJhABCZ5HgQlgLVYA5RDnZnE6l:L/8et4lgNRABCXlKJYk5ZE6l
TLSH T162A5339C46E39608E5DC162BF1527E4B26AD1F0D9C6069C600E74FABFECB48D28DF854
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf UPX
File size (compressed) :2'119'320 bytes
File size (de-compressed) :7'995'540 bytes
Format:linux/arm
Unpacked file: 2796a4106e4670f5daa8c3400fbe595e98ee9148a5a882107af553c0db24a230

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
UPX
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/9ecddb78e303ba6a90cbbfc6c291ebe2257d8f140d467d51d354f6f062c56184
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Gathering data
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/c404938f-64f8-4d48-ace6-319c8c8b19c3
Behavior Graph:
Download SVG
%3 guuid=c27dc550-1a00-0000-6771-4529010b0000 pid=2817 /usr/bin/sudo guuid=c72a7353-1a00-0000-6771-4529030b0000 pid=2819 /tmp/sample.bin guuid=c27dc550-1a00-0000-6771-4529010b0000 pid=2817->guuid=c72a7353-1a00-0000-6771-4529030b0000 pid=2819 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b077f005-6c03-49c9-8653-9f1a9dbe3dbb
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1871435
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/9ecddb78e303ba6a90cbbfc6c291ebe2257d8f140d467d51d354f6f062c56184
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9ecddb78e303ba6a90cbbfc6c291ebe2257d8f140d467d51d354f6f062c56184/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=t3g5w6hdao5gveglx7dmfepl4isx3dyubvdh2uotkt3paywfmgca._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery upx
Link:
https://tria.ge/reports/260218-xn435sfs7g/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9ecddb78e303ba6a90cbbfc6c291ebe2257d8f140d467d51d354f6f062c56184

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 9ecddb78e303ba6a90cbbfc6c291ebe2257d8f140d467d51d354f6f062c56184

(this sample)

Mirai

elf 2796a4106e4670f5daa8c3400fbe595e98ee9148a5a882107af553c0db24a230

  
URLhaus
https://urlhaus.abuse.ch/url/3780662/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3780670/
  
Dropping
SHA256 2796a4106e4670f5daa8c3400fbe595e98ee9148a5a882107af553c0db24a230
  
Dropping
MD5 65918c4a7a827b3a000c12eaced23cc3

Comments