MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eefd5fe077a3033d4c16c887c6894a92fdcffbb050aa97da5196702a424e2835. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 8 File information Comments

SHA256 hash: eefd5fe077a3033d4c16c887c6894a92fdcffbb050aa97da5196702a424e2835
SHA3-384 hash: eb9c8cc7bc29a69fe677736f8857018a675971008e0f3c3822853cfec8d8b9389b9a865ecf28a937e72043e918e04223
SHA1 hash: 6ad0cdb02aedb95d7630f85954c6a76d524c0226
MD5 hash: 673f2295a76361b85432f5e1dc7bc8b7
humanhash: fish-mango-solar-mirror
File name:bot_x86_64
Download: download sample
Signature Mirai
File size:1'241'952 bytes
First seen:2026-07-14 18:12:44 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 24576:+wrjO4kbULQIQzVLaJjM7ayOdk3A2rKk2ub9qvF/eA:+w/O4kbUu57KAA2OE9qoA
TLSH T1CC457C57B2F364FDC053C430879BD6A2A931B42542226E7F66C4CB302FA6E641B5DB63
telfhash t1ac2141e7543da4a04adeac80e59b2724e10ff19458b10a23fca0c65c72fe61f49674eb
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence


File Origin
# of uploads :
1
# of downloads :
78
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Result
Verdict:
Clean
Maliciousness:

Behaviour
Connection attempt
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 gcc
Status:
terminated
Behavior Graph:
%3 guuid=ce152860-1900-0000-e5d5-d3312e140000 pid=5166 /usr/bin/sudo guuid=fd4df862-1900-0000-e5d5-d3312f140000 pid=5167 /tmp/sample.bin guuid=ce152860-1900-0000-e5d5-d3312e140000 pid=5166->guuid=fd4df862-1900-0000-e5d5-d3312f140000 pid=5167 execve guuid=fd4df862-1900-0000-e5d5-d3312f140000 pid=5168 /tmp/sample.bin net guuid=fd4df862-1900-0000-e5d5-d3312f140000 pid=5167->guuid=fd4df862-1900-0000-e5d5-d3312f140000 pid=5168 clone guuid=fd4df862-1900-0000-e5d5-d3312f140000 pid=5169 /tmp/sample.bin guuid=fd4df862-1900-0000-e5d5-d3312f140000 pid=5167->guuid=fd4df862-1900-0000-e5d5-d3312f140000 pid=5169 clone 242b3a96-156d-516c-9550-5da950935d98 5.175.192.197:4444 guuid=fd4df862-1900-0000-e5d5-d3312f140000 pid=5168->242b3a96-156d-516c-9550-5da950935d98 con
Threat name:
Linux.Exploit.CVE-2021-36260
Status:
Malicious
First seen:
2026-07-14 18:13:39 UTC
File Type:
ELF64 Little (Exe)
AV detection:
5 of 36 (13.89%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:F01_s1ckrule
Author:s1ckb017
Rule name:ldpreload
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:malwareelf55503
Rule name:setsockopt
Author:Tim Brown @timb_machine
Description:Hunts for setsockopt() red flags
Rule name:testlumma
Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/
Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf eefd5fe077a3033d4c16c887c6894a92fdcffbb050aa97da5196702a424e2835

(this sample)

  
Delivery method
Distributed via web download

Comments