MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 caecf172cfe7405e4feca3d24ec1007ffde4df46934db85ecaa85ca39281a8ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	caecf172cfe7405e4feca3d24ec1007ffde4df46934db85ecaa85ca39281a8ea
SHA3-384 hash:	0ad04da1cef21583e577e8339d0b76a6570a59c56968d4f17a9eb0f2fbaba950bb3d9d7895531f09ac48d4b306b00d4d
SHA1 hash:	b300fa3ee49f96146113d0af2b0a15372f2eb5a7
MD5 hash:	4c65f4f18aca7418cc6ab42aa35212ce
humanhash:	moon-carpet-red-social
File name:	ppc
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	63'104 bytes
First seen:	2025-11-01 10:30:55 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	768:bLQaw7umFBnpoyu7wfQ99vDoSeONP6O3QRdsjF4mtuWkuqh/2IOi:XQT7FBiPcfCvDteAPx3Qhmc3uqh/2Hi
TLSH	T175532C42B31C0957D5B3AEB0253F27E093BBE55021F4BA88251E9B999371E325186FCE
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 661b156b5561fa89f3e09ff671a92de8020d6d786593f11e56c5d3af6ea35032

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

147

Origin country :

NL

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

Unix.Dropper.Mirai-7135957-0

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Receives data from a server

Opens a port

Sends data to a server

DNS request

Connection attempt

Substitutes an application name

FileScan.IO Unknown

Verdict:

Unknown

Threat level:

  0/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6905e243a3d163109525c705/reports/9a970af4-526c-452e-b5a9-ebdf0ce8f4aa/overview

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

elf.32.be

First seen:

2025-11-01T08:40:00Z UTC

Last seen:

2025-11-01T13:14:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/caecf172cfe7405e4feca3d24ec1007ffde4df46934db85ecaa85ca39281a8ea/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/95b2eb68-5b53-4da2-a187-94b1877ced09

Behavior Graph:

Download SVG

Intezer Unknown

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/aa14c630-d4ee-42dd-80cb-f4038e996825

Joe Sandbox Mirai

Result

Threat name:

Mirai

Alert

Create hunting rule

Detection:

malicious

Classification:

troj

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1806255

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sends malformed DNS queries

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/caecf172cfe7405e4feca3d24ec1007ffde4df46934db85ecaa85ca39281a8ea

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/caecf172cfe7405e4feca3d24ec1007ffde4df46934db85ecaa85ca39281a8ea/

ReversingLabs TitaniumCloud Linux.Worm.Mirai

Threat name:

Linux.Worm.Mirai

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-11-01 10:34:39 UTC

File Type:

ELF32 Big (Exe)

AV detection:

15 of 24 (62.50%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zlwpc4wp45af4t7mupje5qiap766jx2gsng3qxwkvbokheubvdva._file

Hatching Triage mirai

Result

Malware family:

mirai

Alert

Create hunting rule

Score:

  10/10

Tags:

family:mirai linux

Link:

https://tria.ge/reports/251101-ml5lsacn8s/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/caecf172cfe7405e4feca3d24ec1007ffde4df46934db85ecaa85ca39281a8ea