MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9999b362b8cf592d481104f078514ab67c6ed77bb1a40759a20a9f72f477849. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: d9999b362b8cf592d481104f078514ab67c6ed77bb1a40759a20a9f72f477849
SHA3-384 hash: 2fff443e00132a3d9e4d6a79b21ce4b8722e72fd86a68367ad47eb5fffde83bc6091ce77ac18129523e5c100b2152cb9
SHA1 hash: a8b45a5f6d29d7b4a1a5a30c77843a4d71f2635e
MD5 hash: e2a2870efdd1dd80996ae78893324eef
humanhash: crazy-earth-pip-rugby
File name: bot.i686
Signature: Mirai
File size: 62'712 bytes
First seen: 2026-01-12 10:42:26 UTC
Last seen: Never
File type: elf
MIME type: application/x-sharedlib
ssdeep: 1536:9ZvFSwgtLZvkHTUbwaYlt7iC6mCoryY6:7FS3tLGHxaYRh
TLSH: T179535B82F6D3C1F1F58346710057E7AF8B34EE298024DD9AEB193E75ED76602825B26C
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12); 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: gcc masquerade rust
Verdict: Unknown
File Type: elf.32.le
First seen: 2026-01-12T02:48:00Z UTC
Last seen: 2026-01-12T15:16:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 2378) -> execve -> /tmp/sample.bin (pid 2384)
/tmp/sample.bin (pid 2384) -> clone -> /tmp/sample.bin (pid 2385; net, zombie)
/tmp/sample.bin (pid 2385) -> con -> 15.204.230.147:1337
Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 2 / 100
Behaviour
Behavior Graph: n/a
Threat name: Linux.Trojan.Multiverze
Status: Malicious
First seen: 2026-01-12 10:26:07 UTC
File Type: ELF32 Little (SO)
AV detection: 10 of 38 (26.32%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: linux
Behaviour
Changes its process name
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method
Distributed via web download

Comments