MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b32ed8402b59c12f1de60039b5604e932a0fbb4a5a4cb89058fd918d11ea2afc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 12

Intelligence 12 IOCs YARA 4 File information Comments

SHA256 hash:	b32ed8402b59c12f1de60039b5604e932a0fbb4a5a4cb89058fd918d11ea2afc
SHA3-384 hash:	ace75f5071fc42fb028610496a002a4b78c34a91b6c79d7ac9749e8adef80f0be7f5b96981e44d61b4d51fae5be8795f
SHA1 hash:	4e6ae85b7cafee9e0b1b8763a82a2c3cd9ad3119
MD5 hash:	cafc83877cb9b827afed4dd4dfcddd1f
humanhash:	network-skylark-vegan-mountain
File name:	arm7
Download:	download sample
Signature	Mirai Create hunting rule
File size:	195'164 bytes
First seen:	2026-01-01 18:30:31 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	3072:UfHxCkwnoOREHKVAbW58fyitIfKNwODuxEHK1gInWhszm/D2ldfl+caaNBpj7hto:UfRPwoOREHKVAbW58fyeIfKNwODuxEHP
TLSH	T127142946ED418E11C4D622FAFAAF418833536BB9E2FA7102DE245F6023C699F0F77552
telfhash	t1f3d02b15472505f4f3f58040cd8e7b2573e2d7992b0d14110be4ff7a48138d05430c17
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 d7f4b6f4d7b7a82ad45a5db4d9d509f330c6a2cafa902eaf88139f1268875b3e

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	75'156 bytes
File size (de-compressed) :	195'164 bytes
Format:	linux/arm
Packed file:	d7f4b6f4d7b7a82ad45a5db4d9d509f330c6a2cafa902eaf88139f1268875b3e

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

Mirai

Details

Mirai

an XOR decryption key and at least a c2 socket address

Link:

https://research.acce.ciphertechsolutions.com/results/b301c2ef-2b17-479c-b0ab-2b8030d8c6d5/

Detection(s):

SecuriteInfo.com.Linux.Siggen.9999-6.UNOFFICIAL

Unix.Trojan.Mirai-7100807-0

Unix.Dropper.Mirai-7135897-0

Unix.Dropper.Mirai-7135901-0

Unix.Dropper.Mirai-7135909-0

Unix.Trojan.Mirai-7135916-0

Unix.Dropper.Mirai-7135918-0

Unix.Dropper.Mirai-7135954-0

Unix.Dropper.Mirai-7136016-0

Unix.Dropper.Mirai-7136028-0

Unix.Trojan.Mirai-8025795-0

Unix.Trojan.Mirai-9441505-0

Unix.Dropper.Mirai-10007027-0

Unix.Trojan.Mirai-10009361-0

Unix.Trojan.Mirai-10056463-0

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

gafgyt gcc mirai obfuscated rust

Link:

https://www.filescan.io/uploads/6956bd6f148c21e830ef37c9/reports/f9feee4d-f18c-4d3f-9e2d-d8a0085634da/overview

Verdict:

Malicious

File Type:

elf.32.le

First seen:

2026-01-01T15:37:00Z UTC

Last seen:

2026-01-03T09:13:00Z UTC

Hits:

~10

Detections:

HEUR:Backdoor.Linux.Mirai.r HEUR:Backdoor.Linux.Mirai.cw HEUR:Backdoor.Linux.Mirai.b HEUR:Backdoor.Linux.Gafgyt.bl HEUR:Backdoor.Linux.Gafgyt.bj

Link:

https://opentip.kaspersky.com/b32ed8402b59c12f1de60039b5604e932a0fbb4a5a4cb89058fd918d11ea2afc/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/0999eb8d-6044-4068-bf1d-58fa6d8e914a

Behavior Graph:

Download SVG

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9f12399f-acb1-400e-be7f-face85c39861

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/b32ed8402b59c12f1de60039b5604e932a0fbb4a5a4cb89058fd918d11ea2afc

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b32ed8402b59c12f1de60039b5604e932a0fbb4a5a4cb89058fd918d11ea2afc/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/b32ed8402b59c12f1de60039b5604e932a0fbb4a5a4cb89058fd918d11ea2afc

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2026-01-01 18:31:13 UTC

File Type:

ELF32 Little (Exe)

AV detection:

16 of 24 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wmxnqqbllhas6hpgaa43kycosmva7o2kljglrecy7wiy2epkfl6a._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet defense_evasion discovery execution persistence privilege_escalation

Link:

https://tria.ge/reports/260101-w5swrshj7s/

Behaviour

Command and Scripting Interpreter: Unix Shell

Reads runtime system information

Changes its process name

Reads system network configuration

Writes file to system bin folder

Enumerates active TCP sockets

Enumerates running processes

Modifies systemd

Write file to user bin folder

Modifies Watchdog functionality

Mirai

Mirai family

Malware Config

C2 Extraction:

teamc2.duckdns.org

Verdict:

Malicious

Tags:

Unix.Trojan.Mirai-7100807-0

YARA:

n/a

Link:

https://app.threat.zone/submission/71905810-036e-438d-a3fb-a23c04d0b6b7

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/b32ed8402b59c12f1de60039b5604e932a0fbb4a5a4cb89058fd918d11ea2afc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data