MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0513117400cd5ab9e7e17c05131490601bae80a7c4070e4e624025d72620c594. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0513117400cd5ab9e7e17c05131490601bae80a7c4070e4e624025d72620c594
SHA3-384 hash: ebc775f1dce55c2f13e0659de5f2dfa7c62d4706cee9c4125af5321c743662246a26de67c12e77c476ff173545d7888c
SHA1 hash: 0a2337fb3d8e6b9fa7ee2311f9f7f55f0f6aa828
MD5 hash: eae1077e970188a363007437c53444a0
humanhash: high-mexico-bakerloo-may
File name:o.xml
Download: download sample
Signature Mirai
Create hunting rule
File size:759 bytes
First seen:2025-06-22 19:46:22 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:FH8ioNJAC7ukxGWi2jU30+0K5+A+MjR22MDCh2MDoBc5ZhG+E6:FH8j/wWi2jz8lxcfu
TLSH T18E01A2BDA5A88A5205B5C5C7B1F48506C481908FA2EE97E5B38E09266F28CDE785320D
Magika xml
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.115.188/00101010101001/morte.x868a16774410cd820e08f6d56a5c70791182d491a0b92624845d2278433fa11922 Miraimirai opendir

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan-Downloader.Linux.Sh.8411.17434.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68585e8d32ed47a3a8d68ceblinux22vpnfull_triage
Tags:
ransomware backdoor agent
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive masquerade opendir
Link:
https://www.filescan.io/uploads/6919a1165d2e84025a5ca2ab/reports/a2d35cc0-1035-4bbc-ae32-f56baae0ec4d/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/0513117400cd5ab9e7e17c05131490601bae80a7c4070e4e624025d72620c594
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/45d0cca7-7e96-4162-9a94-c879899bfdf0
Behavior Graph:
Download SVG
%3 guuid=5c4a837c-1a00-0000-1d93-7a5e7a0b0000 pid=2938 /usr/bin/sudo guuid=abe6377e-1a00-0000-1d93-7a5e7f0b0000 pid=2943 /tmp/sample.bin guuid=5c4a837c-1a00-0000-1d93-7a5e7a0b0000 pid=2938->guuid=abe6377e-1a00-0000-1d93-7a5e7f0b0000 pid=2943 execve guuid=5a69717e-1a00-0000-1d93-7a5e800b0000 pid=2944 /usr/bin/dash guuid=abe6377e-1a00-0000-1d93-7a5e7f0b0000 pid=2943->guuid=5a69717e-1a00-0000-1d93-7a5e800b0000 pid=2944 clone guuid=0024867e-1a00-0000-1d93-7a5e820b0000 pid=2946 /usr/bin/dash guuid=abe6377e-1a00-0000-1d93-7a5e7f0b0000 pid=2943->guuid=0024867e-1a00-0000-1d93-7a5e820b0000 pid=2946 clone guuid=454ca37e-1a00-0000-1d93-7a5e830b0000 pid=2947 /usr/bin/curl net send-data write-file guuid=abe6377e-1a00-0000-1d93-7a5e7f0b0000 pid=2943->guuid=454ca37e-1a00-0000-1d93-7a5e830b0000 pid=2947 execve guuid=7ccd9587-1a00-0000-1d93-7a5e8f0b0000 pid=2959 /usr/bin/wget net send-data write-file guuid=abe6377e-1a00-0000-1d93-7a5e7f0b0000 pid=2943->guuid=7ccd9587-1a00-0000-1d93-7a5e8f0b0000 pid=2959 execve guuid=eee20a8d-1a00-0000-1d93-7a5e9a0b0000 pid=2970 /usr/bin/chmod guuid=abe6377e-1a00-0000-1d93-7a5e7f0b0000 pid=2943->guuid=eee20a8d-1a00-0000-1d93-7a5e9a0b0000 pid=2970 execve guuid=e9e2728d-1a00-0000-1d93-7a5e9c0b0000 pid=2972 /home/sandbox/morte.x86 net guuid=abe6377e-1a00-0000-1d93-7a5e7f0b0000 pid=2943->guuid=e9e2728d-1a00-0000-1d93-7a5e9c0b0000 pid=2972 execve 251ce962-19d8-50e9-a1ae-650aae8d3dde 196.251.115.188:80 guuid=454ca37e-1a00-0000-1d93-7a5e830b0000 pid=2947->251ce962-19d8-50e9-a1ae-650aae8d3dde send: 103B guuid=7ccd9587-1a00-0000-1d93-7a5e8f0b0000 pid=2959->251ce962-19d8-50e9-a1ae-650aae8d3dde send: 154B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=e9e2728d-1a00-0000-1d93-7a5e9c0b0000 pid=2972->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=a0c05b8e-1a00-0000-1d93-7a5e9f0b0000 pid=2975 /home/sandbox/morte.x86 guuid=e9e2728d-1a00-0000-1d93-7a5e9c0b0000 pid=2972->guuid=a0c05b8e-1a00-0000-1d93-7a5e9f0b0000 pid=2975 clone guuid=c953c5ba-1b00-0000-1d93-7a5e960d0000 pid=3478 /home/sandbox/morte.x86 guuid=e9e2728d-1a00-0000-1d93-7a5e9c0b0000 pid=2972->guuid=c953c5ba-1b00-0000-1d93-7a5e960d0000 pid=3478 clone guuid=6092cdba-1b00-0000-1d93-7a5e970d0000 pid=3479 /home/sandbox/morte.x86 net send-data zombie guuid=e9e2728d-1a00-0000-1d93-7a5e9c0b0000 pid=2972->guuid=6092cdba-1b00-0000-1d93-7a5e970d0000 pid=3479 clone guuid=4579628e-1a00-0000-1d93-7a5ea00b0000 pid=2976 /home/sandbox/morte.x86 guuid=a0c05b8e-1a00-0000-1d93-7a5e9f0b0000 pid=2975->guuid=4579628e-1a00-0000-1d93-7a5ea00b0000 pid=2976 clone guuid=8774668e-1a00-0000-1d93-7a5ea10b0000 pid=2977 /home/sandbox/morte.x86 dns net send-data zombie guuid=a0c05b8e-1a00-0000-1d93-7a5e9f0b0000 pid=2975->guuid=8774668e-1a00-0000-1d93-7a5ea10b0000 pid=2977 clone guuid=8774668e-1a00-0000-1d93-7a5ea10b0000 pid=2977->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 96B 42990ff2-8d05-5781-a3b1-955a2b52eab7 jbvpshosti.com:12121 guuid=8774668e-1a00-0000-1d93-7a5ea10b0000 pid=2977->42990ff2-8d05-5781-a3b1-955a2b52eab7 send: 49B guuid=5cbfb06a-1f00-0000-1d93-7a5e77140000 pid=5239 /home/sandbox/morte.x86 net send-data guuid=8774668e-1a00-0000-1d93-7a5ea10b0000 pid=2977->guuid=5cbfb06a-1f00-0000-1d93-7a5e77140000 pid=5239 clone guuid=6092cdba-1b00-0000-1d93-7a5e970d0000 pid=3479->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 960B 310a0ed0-c544-54ca-bf3f-fca55e459297 65.222.202.53:80 guuid=6092cdba-1b00-0000-1d93-7a5e970d0000 pid=3479->310a0ed0-c544-54ca-bf3f-fca55e459297 send: 4B c941c5a4-3d8d-584f-8f9d-7bdf1adbe796 16.24.8.255:9059 guuid=5cbfb06a-1f00-0000-1d93-7a5e77140000 pid=5239->c941c5a4-3d8d-584f-8f9d-7bdf1adbe796 send: 106522B guuid=dbb1d86a-1f00-0000-1d93-7a5e78140000 pid=5240 /home/sandbox/morte.x86 guuid=5cbfb06a-1f00-0000-1d93-7a5e77140000 pid=5239->guuid=dbb1d86a-1f00-0000-1d93-7a5e78140000 pid=5240 clone
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/0513117400cd5ab9e7e17c05131490601bae80a7c4070e4e624025d72620c594
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0513117400cd5ab9e7e17c05131490601bae80a7c4070e4e624025d72620c594/
Threat name:
Script-JS.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-06-22 23:02:20 UTC
AV detection:
6 of 24 (25.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=aujrc5aazvnltz7bpqcrgfeqman25afhyqdq4ttcias5ojraywka._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250622-yl7xpawsd1/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0513117400cd5ab9e7e17c05131490601bae80a7c4070e4e624025d72620c594

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 0513117400cd5ab9e7e17c05131490601bae80a7c4070e4e624025d72620c594

(this sample)

Mirai

elf 8a16774410cd820e08f6d56a5c70791182d491a0b92624845d2278433fa11922

  
URLhaus
https://urlhaus.abuse.ch/url/3569411/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3569464/
  
Dropping
MD5 904c04e6724309ee34a0a7314a00c918
  
Dropping
SHA256 8a16774410cd820e08f6d56a5c70791182d491a0b92624845d2278433fa11922

Comments