MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 022c001b1f5cf76695b8b76c82f2054c1ecd1da81cce2534c04b0631b6a6170a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 022c001b1f5cf76695b8b76c82f2054c1ecd1da81cce2534c04b0631b6a6170a
SHA3-384 hash: 28a5bd2bf4e10203eb6e2eed293c922a2c74163997e699b6e0f95792d8812464b4642bf5fac4d04ae91b4d330592e2b6
SHA1 hash: e32d819dc90fb252e8b4c71a0d9cf80e1785c6cc
MD5 hash: a24af30030204143b54d9903b1cee543
humanhash: uniform-south-orange-pluto
File name: res
Signature: Mirai
File size: 1'369 bytes
First seen: 2025-11-08 19:30:50 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:dajaqw9pt2aPqw9DU2av8qw912aoqw9x2a0Qqw9r22aeqw9r2aWyzqw99G2aDqwC:0Er7zSgiDZd6qLBsW
TLSH: T1632107FE0C3429231C94E969E1D523CD71198EFAC8258ED0EA4E362DD984A2C3859DDD
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Verdict: Malicious
File Type: unix shell
First seen: 2025-11-08T16:37:00Z UTC
Last seen: 2025-11-09T23:36:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2025-11-08 19:31:50 UTC
File Type: Text (Shell)
AV detection: 15 of 38 (39.47%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Comments