MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 064dacdf4c84163d1b5317c06fad65864e44325e9792f0cb05a00e280d0e213f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 064dacdf4c84163d1b5317c06fad65864e44325e9792f0cb05a00e280d0e213f
SHA3-384 hash: 85aa272cdea28e993d437be789bf0859d2efcf775a4e767a911feceb210cd066fbb1080b02c6f40ccdcd5f949fa38710
SHA1 hash: 97f68a7872b803ed5403d70d9c495e106344b13b
MD5 hash: 7afeed9b7cf8934dc4651a69d46890ef
humanhash: tennessee-sad-hamper-north
File name: c.sh
Signature: Mirai
File size: 1'006 bytes
First seen: 2025-11-26 22:44:40 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3JeulQJeWsVQJegNIOOAQJepNK4HQJehEQJeXQJe6TDkwQJeCsHQJenKAQJe2f:3J3Jzu7NNIDcKx2hfTDkJk0PZoRwlHR
TLSH: T1CA116D9D73A59816EF2C4EC8B079C02CF668C1E1FAB44E85F07D44F5649D31C2268B3A
Magika: batch
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai
Result
Gathering data
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-11-26 22:45:36 UTC
File Type: Text (Shell)
AV detection: 12 of 36 (33.33%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 064dacdf4c84163d1b5317c06fad65864e44325e9792f0cb05a00e280d0e213f

(this sample)

Delivery method: Distributed via web download

Comments