MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16001fe54b6deccff414844416ffe6daab22b91e10de0e40809e12cfad71a59f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 16001fe54b6deccff414844416ffe6daab22b91e10de0e40809e12cfad71a59f
SHA3-384 hash: 9287db5c89c12c174d4a4bddeee60c4d4dcc781159e80e26012f24531f4958c2a7d153d9e1bd6b012512719452c40468
SHA1 hash: 1bda8aee0240b358b8eb316b20856e5c849811f8
MD5 hash: de26eb27121c40ca5de9d994a470619d
humanhash: utah-william-pennsylvania-charlie
File name: wget.sh
Signature: Mirai
File size: 993 bytes
First seen: 2025-11-26 22:44:46 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:Seul+DeWsV+DegNIOOA+DepNK4H+DehE+DeX+De6TDkw+DeCsH+DenKA+De2vH+I:SzAvNNIncKB4RfTDkpkaPZuRmlxn
TLSH: T154115B9D73615819DB2C4EC530798520E76D82A1FAB84F89F4BD04F7689D718626CF0B
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai
Result
Gathering data
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-11-26 22:45:42 UTC
File Type: Text (Shell)
AV detection: 12 of 36 (33.33%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 16001fe54b6deccff414844416ffe6daab22b91e10de0e40809e12cfad71a59f

(this sample)

  
Delivery method
Distributed via web download

Comments