MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 baf58c8b685e602fc75a3591005d3f9f2bfc5ea0ccce6bf54e542a29fe5cd048. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 4

Intelligence 4 IOCs YARA 1 File information Comments

SHA256 hash:	baf58c8b685e602fc75a3591005d3f9f2bfc5ea0ccce6bf54e542a29fe5cd048
SHA3-384 hash:	c143bd8b39b20eb3e91913d34c97dd9ce30963e11bbeb86f1727765104d5828f457dba48767a16f529aa9b934f5505ac
SHA1 hash:	7eb5e7268e427650deae27bce06a0c9f149fde73
MD5 hash:	5cc35b730981e493e90886ac448e828b
humanhash:	delaware-shade-quebec-cat
File name:	kitty.m68k
Download:	download sample
Signature	Mirai Create hunting rule
File size:	59'212 bytes
First seen:	2025-08-21 01:30:43 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-sharedlib
ssdeep	768:mma0WvPwTpz4ebXRtaiRJgwk7TIw3YQhp2Shn+05YZZ2eMHIgxEf4kPfjJXaSLEh:m/Y9c0gwI9Y706ZoBk3taSQr/F
TLSH	T176437D96B39E3D6EE0D32C79C56A87167F1CD964D802174290BDBE131AF32A10F259C7
telfhash	t16a9002b25b2165226851d40841e54711211fc0051939f523d400048c504610e011584f
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

gcc masquerade threat

Link:

https://www.filescan.io/uploads/68a676ce419c816a6e8e32b8/reports/ce5432ce-4faf-4560-95ce-193d89b29a9b/overview

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/648c2438-6a1e-484b-9077-92ac344b3e3f

Behavior Graph:

Download SVG

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/ca27251d-28a3-463d-9012-520b82184b9c

Result

Threat name:

n/a

Detection:

suspicious

Classification:

n/a

Score:

21 / 100

Link:

https://www.joesandbox.com/analysis/1761549

Signature

Contains symbols with names commonly found in malware

Behaviour

Behavior Graph:

Download SVG

Score:

Verdict:

Benign

File Type:

ELF

Link:

https://malprob.io/report/baf58c8b685e602fc75a3591005d3f9f2bfc5ea0ccce6bf54e542a29fe5cd048

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/baf58c8b685e602fc75a3591005d3f9f2bfc5ea0ccce6bf54e542a29fe5cd048/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/baf58c8b685e602fc75a3591005d3f9f2bfc5ea0ccce6bf54e542a29fe5cd048

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-08-21 01:31:42 UTC

File Type:

ELF32 Big (SO)

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xl2yzc3ilzqc7r22gwiqaxj7t4v7yxvazthgx5kokqvct7s42bea._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/250821-bxqffsdn4w/

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/990091e3-3072-4af1-822c-364714b04fe1

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/baf58c8b685e602fc75a3591005d3f9f2bfc5ea0ccce6bf54e542a29fe5cd048

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication