MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdb6e68ef231c812e582393aa08b21651a50f13bf1e816aa172b53de892ce085. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 4 File information Comments

SHA256 hash: fdb6e68ef231c812e582393aa08b21651a50f13bf1e816aa172b53de892ce085
SHA3-384 hash: 62c17d63e200b1af8d7f2e5e9dc7c555c70dafadd427987b554607905d71ed26616d37e4803494a7d64b5f298ba5e5c3
SHA1 hash: 0d5419f613712c2b5f41e805d7429f66896b60ca
MD5 hash: 9ef0e14240e287b0750afe45b248571c
humanhash: edward-asparagus-charlie-kilo
File name:monero.ppc
Download: download sample
Signature Mirai
File size:132'412 bytes
First seen:2026-06-19 14:57:34 UTC
Last seen:Never
File type: elf
MIME type:application/x-sharedlib
ssdeep 3072:sJvaE4sOc9hz/ayn4DpdUyyyO9/MGnv16u2ci7ocu:7K9hz/X4D/UdpKGnv16u2ci8cu
TLSH T164D37D01FB580553D1D65EB44B3B077AD32C89935CB4F20C290ABB2A27339BB95D7B86
Magika elf
Reporter abuse_ch
Tags:elf mirai upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 0348bc1e7db9a0fb758e7c3bf7d97c89cb873577dea51112c378b84cfef3700a
File size (compressed) :69'452 bytes
File size (de-compressed) :132'412 bytes
Format:linux/ppc32
Packed file: 0348bc1e7db9a0fb758e7c3bf7d97c89cb873577dea51112c378b84cfef3700a

Intelligence


File Origin
# of uploads :
1
# of downloads :
59
Origin country :
NL NL
Vendor Threat Intelligence
No detections
Result
Verdict:
Malware
Maliciousness:

Behaviour
Runs as daemon
Sends data to a server
Manages services
Receives data from a server
Connection attempt
Creating a file
Opens a port
Kills processes
Changes access rights for a written file
DNS request
Substitutes an application name
Creates or modifies files in /cron to set up autorun
Creates or modifies files in /init.d to set up autorun
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
base64 expand gcc lolbin masquerade
Status:
terminated
Behavior Graph:
%3 guuid=b3f27368-1e00-0000-bcc1-01afd20d0000 pid=3538 /usr/bin/sudo guuid=e082686a-1e00-0000-bcc1-01afd70d0000 pid=3543 /tmp/sample.bin guuid=b3f27368-1e00-0000-bcc1-01afd20d0000 pid=3538->guuid=e082686a-1e00-0000-bcc1-01afd70d0000 pid=3543 execve
Gathering data
Threat name:
Linux.Worm.Mirai
Status:
Malicious
First seen:
2026-06-19 14:58:26 UTC
File Type:
ELF32 Big (SO)
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_XORed_Mozilla_Oct19
Author:Florian Roth
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Reference:https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()
Rule name:SUSP_XORed_Mozilla_RID2DB4
Author:Florian Roth
Description:Detects suspicious XORed keyword - Mozilla/5.0
Reference:Internal Research
Rule name:test_rule_vldslv
Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf fdb6e68ef231c812e582393aa08b21651a50f13bf1e816aa172b53de892ce085

(this sample)

  
Delivery method
Distributed via web download

Comments