MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10fd20f45a44d5c427e55b9128d3dc889e5d25b0a56260a8cecc4b75fc7423b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 10fd20f45a44d5c427e55b9128d3dc889e5d25b0a56260a8cecc4b75fc7423b7
SHA3-384 hash: 8b9530861f05776090542cf347b64f42051a6eb392367b8d7790c9873d513a4f00e898a2ed9d93a4b3b822a4fc55a7cf
SHA1 hash: c415e80141ae9d9a12ba108a48f1272614bc6094
MD5 hash: 0f56ca782007f072e2763c0ff9d900ca
humanhash: early-oregon-happy-cardinal
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:618 bytes
First seen:2025-05-16 09:38:42 UTC
Last seen:2025-05-17 08:30:30 UTC
File type: sh
MIME type:text/plain
ssdeep 12:QvJXOpue8f+AiJKgCWKDbnPZzJ+jecMibscMcdBcM4cM6hFscM3f0LK2a:QvZi4wDIbZ4ecMibscMcdBcM4cM6hucg
TLSH T143F0D8CA64A4E95149508FC3F27A5920B982DBC945A00F0DB892387BAC2C92433E9F17
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.149.29.68/mipsf84d591eb643e47542bf9665307d909fcb252b170f31280b6c18f6dac877fdc9 Miraicensys elf mirai ua-wget
http://103.149.29.68/mpsl147125b7314161e8eeaacc8887ec43c85f38936bd96c534276ac90c97594fd56 Miraicensys elf mirai ua-wget
http://103.149.29.68/arm4db24eade25ad55c9f76db969f88ae866d330d2d2d30d85533ec9831bfaa0b55c Miraicensys elf mirai ua-wget
http://103.149.29.68/arm57acfedd2b92a0d344c1ae07d037be2dadcf1f27f64fbd72c18ceb03d53c2d6b9 Miraicensys elf mirai ua-wget
http://103.149.29.68/arm744ae290eefb70f644382bd2f1ff6232150ba5872b8a4d7feef1fe45e2371de94 Miraicensys elf mirai ua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
61
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=682707c44a59e5a2ce051802linux22vpnfull_triage
Tags:
agent hype sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/682707babff72ff46b650fe4/reports/d2120b83-3c27-4e4b-aad5-2f0cc3b155d6/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/10fd20f45a44d5c427e55b9128d3dc889e5d25b0a56260a8cecc4b75fc7423b7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/10fd20f45a44d5c427e55b9128d3dc889e5d25b0a56260a8cecc4b75fc7423b7/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-05-16 07:13:18 UTC
File Type:
Text (Shell)
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cd6sb5c2itk4ij7floisru64rcpf2jnquvrgbkgozrfxl7dueo3q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250516-lmpfhsslz5/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/10fd20f45a44d5c427e55b9128d3dc889e5d25b0a56260a8cecc4b75fc7423b7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 10fd20f45a44d5c427e55b9128d3dc889e5d25b0a56260a8cecc4b75fc7423b7

(this sample)

Mirai

elf f84d591eb643e47542bf9665307d909fcb252b170f31280b6c18f6dac877fdc9

  
Dropping
MD5 a56c87cbb49a108437302423fe2e734c
  
Dropping
SHA256 f84d591eb643e47542bf9665307d909fcb252b170f31280b6c18f6dac877fdc9
  
URLhaus
https://urlhaus.abuse.ch/url/3544842/
  
Delivery method
Distributed via web download

Comments