MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d69106f5dbf1daef581e937b746d87595708e74e0acb4d1296c5fbf7b4c85c85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 4 File information Comments

SHA256 hash:	d69106f5dbf1daef581e937b746d87595708e74e0acb4d1296c5fbf7b4c85c85
SHA3-384 hash:	f94722b6cd955ac7dcfc4502867c478a72e9ab793e419e839f9f12f577800e0cf1a0c261359c0a1d1b4af5a52734cf77
SHA1 hash:	d4e2713048a3244d13236b262e1d56565bd5ed46
MD5 hash:	c199494f2f3ba2a4460e10e9f31d5a04
humanhash:	papa-jersey-item-wyoming
File name:	arm6
Download:	download sample
Signature	Mirai Create hunting rule
File size:	105'284 bytes
First seen:	2025-05-09 21:22:49 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	3072:QRdp/eDqpBwBWyfK7tRIsa5rZlh9pAQG0KMiO:QRdIDqpyKpRZatZlOy
TLSH	T169A3059AB8D18E22C5D502BFFA1F419D333253F8D2DFB213DD146B24768692B0D7A612
telfhash	t1bae02b99bb3ecd14b3fc982911c8424f84f931130863a492c0c4074fa40258af49d96d
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

131

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.31069.LX.BOT.UNOFFICIAL

Sanesecurity.Malware.31075.LX.BOT.UNOFFICIAL

Unix.Trojan.Gafgyt-6981160-0

Unix.Dropper.Mirai-7135893-0

Unix.Dropper.Mirai-7135900-0

Unix.Dropper.Mirai-7135951-0

Unix.Dropper.Mirai-7136105-0

Unix.Trojan.Mirai-7755770-0

Unix.Trojan.Mirai-7759336-0

Unix.Trojan.Mirai-7772538-0

Unix.Trojan.Mirai-8041689-0

Unix.Trojan.Mirai-9885259-0

Unix.Trojan.Mirai-9924065-0

Unix.Trojan.Gafgyt-9940653-0

Unix.Trojan.Mirai-9943763-0

Unix.Trojan.Mirai-9944690-0

Unix.Trojan.Mirai-9945195-0

Unix.Trojan.Mirai-10004218-0

Unix.Trojan.Mirai-10008934-0

Unix.Trojan.Gafgyt-6735924-0

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=681e732c4a59e5a2ce0378c5linux22vpnfull_triage

Tags:

n/a

Result

Verdict:

Malware

Maliciousness:

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

anti-vm lolbin remote

Link:

https://www.filescan.io/uploads/681e723ed95f3e34e96583d1/reports/1c8d2402-1368-4f2b-bd95-8ba72b8a7889/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/d69106f5dbf1daef581e937b746d87595708e74e0acb4d1296c5fbf7b4c85c85

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6a348a77-24a5-4bb9-80cd-b3f6ac7a2d9a

Result

Threat name:

Mirai

Detection:

malicious

Classification:

troj

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1686103

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/d69106f5dbf1daef581e937b746d87595708e74e0acb4d1296c5fbf7b4c85c85

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d69106f5dbf1daef581e937b746d87595708e74e0acb4d1296c5fbf7b4c85c85/

Threat name:

Linux.Exploit.Mirai

Status:

Malicious

First seen:

2025-05-09 21:23:11 UTC

File Type:

ELF32 Little (Exe)

AV detection:

23 of 37 (62.16%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=22iqn5o36hno6wa6sn5xi3mhlflqrz2oblfu2euwyx57pngilscq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/250509-z8g58a1ls6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/d69106f5dbf1daef581e937b746d87595708e74e0acb4d1296c5fbf7b4c85c85

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.