MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e609d3a05f6951bd38552a8f4f2cdbc821d6401fcbe2824fb0208a93a08e9222. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 13 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e609d3a05f6951bd38552a8f4f2cdbc821d6401fcbe2824fb0208a93a08e9222
SHA3-384 hash: 5c2b4fea5a6fcae949e8250bd7538eefdb2acb3bec2404cba8b5a6e2df18a5bd66f23fd06af391cd1a88da89c39448e3
SHA1 hash: 9f2e22c997f26fa5e8b1b00a6ab93b315bb28a4e
MD5 hash: 581467213fd42a1f63ae9e7b0bd4f423
humanhash: fish-red-four-blossom
File name:m68k
Download: download sample
Signature Mirai
Create hunting rule
File size:2'135'428 bytes
First seen:2025-07-12 06:29:24 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 49152:JMG/pYhlLlsVKMYlITNW71PLH/0yoMJZbn7B71:Knwuq61iMJdB71
TLSH T1F2A57C47A74878BEF2467337845B4A1F34047F12C0815F22D2B5F0AD9E6B5AA1F396CA
Magika elf
Reporter abuse_ch
Tags:elf gafgyt mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
17
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30395.LC.UNOFFICIAL
Create hunting rule

Unix.Trojan.Gafgyt-7782058-0
Create hunting rule

Unix.Trojan.Mirai-9940650-0
Create hunting rule

Unix.Trojan.Mirai-10012509-0
Create hunting rule

Unix.Trojan.Mirai-10017111-0
Create hunting rule

Unix.Trojan.Mirai-10018298-0
Create hunting rule

Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6872010c900df8e7f86a0b3clinux22vpnfull_triage
Tags:
n/a
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/6872010c1bf7248a9289c7bb/reports/cfb065e5-cb40-40de-a388-0555a30b1fe0/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/355b997b-4c8f-47d7-981d-db1900c5616d
Behavior Graph:
Download SVG
%3 guuid=a1b12de0-1700-0000-eec1-a83d9b070000 pid=1947 /usr/bin/sudo guuid=d2576ee2-1700-0000-eec1-a83d9d070000 pid=1949 /tmp/sample.bin guuid=a1b12de0-1700-0000-eec1-a83d9b070000 pid=1947->guuid=d2576ee2-1700-0000-eec1-a83d9d070000 pid=1949 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/6fec268a-efb3-41ea-8f3a-80b882eae77a
Result
Threat name:
Gafgyt, Mirai
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1734539
Signature
Drops files in suspicious directories
Drops invisible ELF files
Found malware configuration
Sample tries to persist itself using System V runlevels
Sample tries to set files in /etc globally writable
Yara detected Gafgyt
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1734539 Sample: m68k.elf Startdate: 12/07/2025 Architecture: LINUX Score: 80 35 87.121.84.210, 37822, 37824, 37826 SKATTV-ASBG Bulgaria 2->35 45 Found malware configuration 2->45 47 Yara detected Gafgyt 2->47 49 Yara detected Mirai 2->49 10 m68k.elf 2->10         started        signatures3 process4 signatures5 51 Sample tries to set files in /etc globally writable 10->51 53 Drops files in suspicious directories 10->53 55 Sample tries to persist itself using System V runlevels 10->55 13 m68k.elf 10->13         started        15 m68k.elf sh 10->15         started        process6 process7 17 m68k.elf 13->17         started        21 sh cp 15->21         started        file8 31 /etc/init.d/sysd, POSIX 17->31 dropped 37 Sample tries to set files in /etc globally writable 17->37 39 Drops files in suspicious directories 17->39 41 Sample tries to persist itself using System V runlevels 17->41 23 m68k.elf sh 17->23         started        25 m68k.elf 17->25         started        43 Drops invisible ELF files 21->43 signatures9 process10 process11 27 sh cp 23->27         started        file12 33 /usr/bin/.sh, ELF 27->33 dropped 57 Drops invisible ELF files 27->57 59 Drops files in suspicious directories 27->59 signatures13
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/e609d3a05f6951bd38552a8f4f2cdbc821d6401fcbe2824fb0208a93a08e9222
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/e609d3a05f6951bd38552a8f4f2cdbc821d6401fcbe2824fb0208a93a08e9222/
Threat name:
Linux.Trojan.Gafgyt
Create hunting rule
Status:
Malicious
First seen:
2025-07-12 01:43:13 UTC
File Type:
ELF32 Big (Exe)
AV detection:
12 of 38 (31.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ye5hic7nfi32ocvfkhu6lg3zaq5mqa7zpriet5qecfjhieosira._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/250712-g9qvmsyn13/
Verdict:
Malicious
Tags:
Unix.Trojan.Gafgyt-7782058-0
YARA:
n/a
Link:
https://app.threat.zone/submission/8266a8e4-2141-4a4f-b9ff-6959fec673f0
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/e609d3a05f6951bd38552a8f4f2cdbc821d6401fcbe2824fb0208a93a08e9222

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BLOWFISH_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for Blowfish constants
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:enterpriseapps2
Create hunting rule
Author:Tim Brown @timb_machine
Description:Enterprise apps
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:setsockopt
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for setsockopt() red flags
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:testlumma
Create hunting rule
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags
Rule name:WHIRLPOOL_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for WhirlPool constants
Rule name:yara_template
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf e609d3a05f6951bd38552a8f4f2cdbc821d6401fcbe2824fb0208a93a08e9222

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3581099/
  
Delivery method
Distributed via web download

Comments