MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe6f26eba044f82b78b3cb7f2cf2c7721871fe4de398cf25e90c37890db806d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe6f26eba044f82b78b3cb7f2cf2c7721871fe4de398cf25e90c37890db806d2
SHA3-384 hash: 62f5bf88779049ca1b8729bba99660b9ec102fd280038cbbf91d3394e3f771c204841ab30753442912bd4123b686d3a1
SHA1 hash: 07e08f8346c15af71bdbe47eef2519a7b579f3d2
MD5 hash: aa35fa572bca7a07c5d9f038e49f5f60
humanhash: johnny-berlin-football-edward
File name:dlr.m68k
Download: download sample
Signature Mirai
Create hunting rule
File size:1'248 bytes
First seen:2025-12-19 12:09:05 UTC
Last seen:2025-12-19 14:18:36 UTC
File type: elf
MIME type:application/x-executable
ssdeep 24:3AaAa8DzSWPpbP78Pwy74+CixTHC+VhHcJTD8ECAfGBxioxj4RpLNT1AhCQ:QaApP3hb/mHTCMh8Jf8DAfgM/RhNh8CQ
TLSH T1B921FC09F3892D8FEDA71578582B063A30307A49F4039013B3668E7F6E7B5D8221B18E
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
4
# of downloads :
107
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.DownLoader.368.21771.20446.UNOFFICIAL
Create hunting rule

Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
masquerade
Link:
https://www.filescan.io/uploads/694540c6a7163552ba02d903/reports/ee396da0-7f82-4596-9e6c-330c3213ad88/overview
Verdict:
Malicious
File Type:
elf.32.be
First seen:
2025-12-19T10:05:00Z UTC
Last seen:
2025-12-19T12:48:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/fe6f26eba044f82b78b3cb7f2cf2c7721871fe4de398cf25e90c37890db806d2/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/bda76acf-83a2-4dab-8877-a0bb1ec30812
Behavior Graph:
Download SVG
%3 guuid=e7622290-1900-0000-35c6-d9e4a7080000 pid=2215 /usr/bin/sudo guuid=fbab3d92-1900-0000-35c6-d9e4ae080000 pid=2222 /tmp/sample.bin guuid=e7622290-1900-0000-35c6-d9e4a7080000 pid=2215->guuid=fbab3d92-1900-0000-35c6-d9e4ae080000 pid=2222 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ae9d7532-70b0-4bfe-8986-b413aa9c77f4
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1836241
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1836241 Sample: dlr.m68k.elf Startdate: 19/12/2025 Architecture: LINUX Score: 48 14 169.254.169.254, 80 USDOSUS Reserved 2->14 16 162.213.35.24, 40394, 443 CANONICAL-ASGB United States 2->16 18 2 other IPs or domains 2->18 20 Multi AV Scanner detection for submitted file 2->20 6 python3.8 dpkg 2->6         started        8 dash rm 2->8         started        10 dash rm 2->10         started        12 dlr.m68k.elf 2->12         started        signatures3 process4
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/fe6f26eba044f82b78b3cb7f2cf2c7721871fe4de398cf25e90c37890db806d2
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/fe6f26eba044f82b78b3cb7f2cf2c7721871fe4de398cf25e90c37890db806d2/
Threat name:
Linux.Downloader.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-12-19 12:11:21 UTC
File Type:
ELF32 Big (Exe)
AV detection:
10 of 24 (41.67%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7zxsn25ait4cw6ftzn7sz4whoimhd7sn4omm6jpjbq3ysdnya3ja._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/251219-pcfx6scj3t/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/c723c000-7de5-49c4-bf56-5c5dea1b13f0
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fe6f26eba044f82b78b3cb7f2cf2c7721871fe4de398cf25e90c37890db806d2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf fe6f26eba044f82b78b3cb7f2cf2c7721871fe4de398cf25e90c37890db806d2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3737142/
  
Delivery method
Distributed via web download

Comments