MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1f7f5383d0f7ba5aa3343096a0812a73ca4ca3f72eb29db736c00b045ffc677. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: b1f7f5383d0f7ba5aa3343096a0812a73ca4ca3f72eb29db736c00b045ffc677
SHA3-384 hash: 35758402d2e56310be10eaf3a6993b8c5e509714705975e1f590f2b28bb1f6e2f9dac425af424b0eed78cbf5198eece7
SHA1 hash: f14444e2aa94f9b9dc1b3214eeaac90b5a52f97b
MD5 hash: e9adfb77b80973178ea5c092ba520667
humanhash: island-alpha-apart-one
File name: mdsync1
Signature: Mirai
File size: 2'116'364 bytes
First seen: 2026-02-18 18:59:40 UTC
Last seen: 2026-02-19 14:35:03 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 49152:gN2ZH67EgLwjw5LSwaEqsXm/GF8RbY2j/1QIBsvudWeq7:gN4H6ggLwj4xa3vrpiImv9
TLSH: T15BA5332664DE2B633074A25CDEA2B74617CDF2BCA9DB030F9503765B2C4A0933D82DE5
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika: elf
Reporter: abuse_ch
Tags: elf UPX
File size (compressed): 2'116'364 bytes
File size (de-compressed): 7'995'540 bytes
Format:linux/arm
Unpacked file: cf17c5aba9f7f5ecd9bdcba6a9ffd3493173f0d178e839854d50e5d57ecf9602

Intelligence


File Origin
# of uploads :
3
# of downloads :
81
Origin country :
DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
UPX
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaining?
false
Remote TCP ports scanned:
not identified
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Status:
terminated
Behavior Graph:
/usr/bin/sudo (pid=2698) --execve--> /tmp/sample.bin (pid=2707)
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Behaviour
Behavior Graph:
n/a
Threat name:
Linux.Trojan.SAgnt
Status:
Malicious
First seen:
2026-02-18 19:13:17 UTC
AV detection:
10 of 38 (26.32%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery upx
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf b1f7f5383d0f7ba5aa3343096a0812a73ca4ca3f72eb29db736c00b045ffc677

(this sample)

  
Delivery method
Distributed via web download
