MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f71af0c04e48969d957c40b4d969ab6f3c8f5a62c03200476d307078d2291135. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f71af0c04e48969d957c40b4d969ab6f3c8f5a62c03200476d307078d2291135
SHA3-384 hash: f78968d0c1ca7b4902773736fb68b766225e8a58328d9bea4e3b08ccc1283acb00cf9e45a3cccacfe23426696b57378b
SHA1 hash: a1261e58378bff086f1cad7f8ba683cc4c7aeab5
MD5 hash: f0a6825b485e8442559bc14f4adbdce2
humanhash: spaghetti-jersey-emma-mike
File name:sora.x86_64
Download: download sample
Signature Mirai
Create hunting rule
File size:31'404 bytes
First seen:2026-02-08 19:35:45 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 384:bfeGulrAlGS0ESNTNKUMdUZk5MNns9VPRBac+6+1HTMOGHV7xd/Yid4wctDsbnUE:SFrpRNBPaLWs9VRG6GHTyHVtrd3bLJ
TLSH T1D6E2F1E6805AC9B4D8908F709A9C05E8F821FCCD85158BBB4C45BCFF4833E422E65B42
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai UPX
File size (compressed) :31'404 bytes
File size (de-compressed) :70'912 bytes
Format:linux/amd64
Unpacked file: 1a69462506d673ffb99e14103d04982ad1cae87dbe73e240ea0ac4725cfbf038

Intelligence

File Origin
# of uploads :
1
# of downloads :
31
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/60456f5d-b8c2-40fd-acdd-24498d9626d9/
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
packed upx
Link:
https://www.filescan.io/uploads/6988e5c42ffccda0976ac455/reports/ddc2bd1f-2349-4c5f-b301-f607e9944f8f/overview
Result
Gathering data
Verdict:
Malicious
File Type:
elf.64.le
Link:
https://opentip.kaspersky.com/f71af0c04e48969d957c40b4d969ab6f3c8f5a62c03200476d307078d2291135/results?tab=lookup
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7ca1ff69-a67a-4204-92a5-82bbf16c9e72
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1865723
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1865723 Sample: sora.x86_64.elf Startdate: 08/02/2026 Architecture: LINUX Score: 68 14 Malicious sample detected (through community Yara rule) 2->14 16 Multi AV Scanner detection for submitted file 2->16 18 Yara detected Mirai 2->18 20 Sample is packed with UPX 2->20 6 systemd snap-failure 2->6         started        8 sora.x86_64.elf 2->8         started        process3 process4 10 snap-failure systemctl 6->10         started        12 snap-failure 6->12         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/f71af0c04e48969d957c40b4d969ab6f3c8f5a62c03200476d307078d2291135
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f71af0c04e48969d957c40b4d969ab6f3c8f5a62c03200476d307078d2291135/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-02-08 19:37:26 UTC
File Type:
ELF64 Little (Exe)
AV detection:
13 of 36 (36.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=64npbqcojclj3fl4ic2ns2nln46i6wtcyazaar3ngbyhrurjce2q._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:sora botnet discovery linux upx
Link:
https://tria.ge/reports/260208-ybf18ahv3e/
Behaviour
Reads runtime system information
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf f71af0c04e48969d957c40b4d969ab6f3c8f5a62c03200476d307078d2291135

(this sample)

Mirai

elf 1a69462506d673ffb99e14103d04982ad1cae87dbe73e240ea0ac4725cfbf038

  
URLhaus
https://urlhaus.abuse.ch/url/3774366/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 1a69462506d673ffb99e14103d04982ad1cae87dbe73e240ea0ac4725cfbf038
  
Dropping
MD5 7722608a5b7d53b5ca649a64a7b76bcf

Comments