MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e925b49769cf5301906e33c41f4478a10e63580d143168a7ebff5ea2a9c73e32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 10


Intelligence 10 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e925b49769cf5301906e33c41f4478a10e63580d143168a7ebff5ea2a9c73e32
SHA3-384 hash: 2410b316bd276d885fec375b66cbf412ab08832c00bbee6ba4fa7774cb3c7e6b28229b710bc0d84b040aa99d8b9a75b7
SHA1 hash: 28673cf7fd3568b1bff2816e3e691d8bae89bb3e
MD5 hash: 814efe269a02e8b33edae4a4d235fd82
humanhash: bulldog-minnesota-spring-mike
File name:mips
Download: download sample
Signature Mirai
Create hunting rule
File size:70'284 bytes
First seen:2026-04-11 23:14:14 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:IRuDybUerYZXkRhvvjUrf83tXZR2cxvfaLrLlrBb+qJ96yxzVSd:IRuDybnYXyI7EXZsqfaDb+e7zVi
TLSH T15863F11E77121D9ED9FFE6361BD603021DB062BBB29B000679D1F0ADDAD20D988C75B5
Magika elf
Reporter abuse_ch
Tags:elf mirai UPX
File size (compressed) :70'284 bytes
File size (de-compressed) :256'816 bytes
Format:linux/mips
Unpacked file: 525630123a01efd91a7ea114d9ab483c51d1cfa22639c56f52c83551819b8087

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/f9fe92a8-ebd5-401e-be77-576ff96350bb/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Connection attempt
Gathering data
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
UPX
Botnet:
unknown
Number of open files:
2
Number of processes launched:
1
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/e925b49769cf5301906e33c41f4478a10e63580d143168a7ebff5ea2a9c73e32
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.be
First seen:
2026-04-11T19:26:00Z UTC
Last seen:
2026-04-12T19:52:00Z UTC
Hits:
~10
Detections:
HEUR:Backdoor.Linux.Mirai.b
Link:
https://opentip.kaspersky.com/e925b49769cf5301906e33c41f4478a10e63580d143168a7ebff5ea2a9c73e32/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/6a3fbf8f-0238-43bf-8fa8-d28e5de49fae
Behavior Graph:
Download SVG
%3 guuid=ffa4b9b6-1800-0000-e551-12b0cb080000 pid=2251 /usr/bin/sudo guuid=b1134bb9-1800-0000-e551-12b0cc080000 pid=2252 /tmp/sample.bin guuid=ffa4b9b6-1800-0000-e551-12b0cb080000 pid=2251->guuid=b1134bb9-1800-0000-e551-12b0cc080000 pid=2252 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/5925da3b-5acb-4267-a32e-cb778fcc679c
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1896957
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/e925b49769cf5301906e33c41f4478a10e63580d143168a7ebff5ea2a9c73e32
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e925b49769cf5301906e33c41f4478a10e63580d143168a7ebff5ea2a9c73e32/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/e925b49769cf5301906e33c41f4478a10e63580d143168a7ebff5ea2a9c73e32
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-04-11 23:14:34 UTC
File Type:
ELF32 Big (Exe)
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5es3jf3jz5jqdedogpcb6rdyuehggwancqywrj7l75pkfkohhyza._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet discovery upx
Link:
https://tria.ge/reports/260411-277etsdw6s/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e925b49769cf5301906e33c41f4478a10e63580d143168a7ebff5ea2a9c73e32

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf e925b49769cf5301906e33c41f4478a10e63580d143168a7ebff5ea2a9c73e32

(this sample)

Mirai

elf 525630123a01efd91a7ea114d9ab483c51d1cfa22639c56f52c83551819b8087

  
URLhaus
https://urlhaus.abuse.ch/url/3804518/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 525630123a01efd91a7ea114d9ab483c51d1cfa22639c56f52c83551819b8087
  
Dropping
MD5 17abdb19993cd72ee58863a495dda222

Comments