MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 faf246e2a17c3855ab8f93aaf0d0d846e7d208c380f5b5f4445fe6611d6decb2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 11

Intelligence 11 IOCs YARA 3 File information Comments

SHA256 hash:	faf246e2a17c3855ab8f93aaf0d0d846e7d208c380f5b5f4445fe6611d6decb2
SHA3-384 hash:	46aa81ec0141ad046a02d94bdac546cd0786239b88823dc28607d030caa2b75f348aa765d05dba10872a46af0bc770c6
SHA1 hash:	7a2a026a62e2fb7587c232f19e916b0099bcc28d
MD5 hash:	f904cb3ed23b9a9e09e4af05c33a7d78
humanhash:	burger-oklahoma-skylark-potato
File name:	ub8ehJSePAfc9FYqZIT6.ppc
Download:	download sample
Signature	Mirai Create hunting rule
File size:	133'844 bytes
First seen:	2026-01-18 19:18:36 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:fG7e3r9ZB96ggxMhe6D0erxU0JcTCKz2vADGF5lFILwyhqk98O2m:fwe7nB7gxQm0JceKrDkW0m
TLSH	T1A4D33905734C0D47D2673EF03A3F23D193AFDA8221A4EA45654F9A8E9172E73198ADCD
Magika	elf
Reporter	abuse_ch
Tags:	elf mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 e0a3b477fe893c8bfef27b1a83f76986289cc413dad4d2e3fab430c32f5ecdf5

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	48'692 bytes
File size (de-compressed) :	133'844 bytes
Format:	linux/ppc32
Packed file:	e0a3b477fe893c8bfef27b1a83f76986289cc413dad4d2e3fab430c32f5ecdf5

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

Mirai

Details

Link:

https://research.acce.ciphertechsolutions.com/results/104bd77d-b0df-4e58-9e3a-df4de4e9b683/

Detection(s):

Unix.Trojan.Mirai-7100807-0

Unix.Dropper.Mirai-7135897-0

Unix.Dropper.Mirai-7135901-0

Unix.Dropper.Mirai-7135909-0

Unix.Trojan.Mirai-7135916-0

Unix.Dropper.Mirai-7135918-0

Unix.Dropper.Mirai-7135954-0

Unix.Dropper.Mirai-7135957-0

Unix.Dropper.Mirai-7136013-0

Unix.Dropper.Mirai-7136016-0

Unix.Dropper.Mirai-7136028-0

Unix.Dropper.Mirai-7136057-0

Unix.Trojan.Mirai-8025795-0

Unix.Trojan.Mirai-9858729-0

Unix.Trojan.Mirai-9940367-0

Unix.Trojan.Mirai-10012200-0

Unix.Trojan.Mirai-10012671-0

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

gafgyt masquerade mirai obfuscated

Link:

https://www.filescan.io/uploads/696d323f2ea17ed8995283bd/reports/cee8cf3f-65f2-4ea9-8f85-15c09dea8989/overview

Result

Gathering data

Verdict:

Malicious

File Type:

ELF 32 BE

Detections:

HEUR:Backdoor.Linux.Mirai.r HEUR:Backdoor.Linux.Mirai.b

Link:

https://opentip.kaspersky.com/faf246e2a17c3855ab8f93aaf0d0d846e7d208c380f5b5f4445fe6611d6decb2/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/ca3313db-e22b-4c34-b21c-ce213581692e

Behavior Graph:

Download SVG

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d01a01d0-bac1-473f-aca2-244f2949493c

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1852973

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/faf246e2a17c3855ab8f93aaf0d0d846e7d208c380f5b5f4445fe6611d6decb2

Detection:

mirai

Link:

https://mwdb.cert.pl/sample/faf246e2a17c3855ab8f93aaf0d0d846e7d208c380f5b5f4445fe6611d6decb2/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/faf246e2a17c3855ab8f93aaf0d0d846e7d208c380f5b5f4445fe6611d6decb2

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2026-01-18 19:19:38 UTC

File Type:

ELF32 Big (Exe)

AV detection:

15 of 36 (41.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7lzenyvbpq4flk4psovpbugyi3t5ecgdqd23l5cel7tgchln5sza._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:lzrd linux

Link:

https://tria.ge/reports/260118-x1qraaes2b/

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/d05cc4f6-010b-4c45-b1aa-5e4b885cbc08

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data

Rule name:	SUSP_XORed_Mozilla_Oct19 Create hunting rule
Author:	Florian Roth
Description:	Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Reference:	https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()

Rule name:	SUSP_XORed_Mozilla_RID2DB4 Create hunting rule
Author:	Florian Roth
Description:	Detects suspicious XORed keyword - Mozilla/5.0
Reference:	Internal Research