MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 168451a825713d74e986dcd9e9d4dd39809b07e9f678c0a6dda8f74c6cd8288b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4
SHA256 hash: 168451a825713d74e986dcd9e9d4dd39809b07e9f678c0a6dda8f74c6cd8288b
SHA3-384 hash: 39e3722befef8fe530b98923391832a5b57cf99b3a896d5440a1dabc05358d09996f77bb44ed80bd09de7341b57a61d1
SHA1 hash: c2905b2673aea5a0ff7082cb85a3edb1323d27fd
MD5 hash: dc79d664376b757cb766c9a2290e6bfd
humanhash: lamp-princess-butter-tango
File name: o.xml
Signature: Mirai
File size: 664 bytes
First seen: 2025-10-06 05:44:04 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:FH8ioNJAC7ukxGWi2jU30+0K5+A+YBjJtG5ZhG+E6:FH8j/wWi2jzAJtu
TLSH: T15F014C9CE6A8DB410AB9C586F2B04504C49090D7E1F497D6F38E09236F60C9E355324D
Magika: xml
Reporter: abuse_ch
Tags: sh

URL referenced by this sample:
URL: http://tuxbot.cc/bins/x86
Malware sample (SHA256 hash): 76885f97b94045173f81713183fb36292b7b1ba9fd42c0e631c52c8316a8c679
Signature: Mirai
Tags: elf geofenced mirai ua-wget USA x86

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Labeled as: TrojanDownloader/Linux.NetLoader
Status: terminated
Behavior Graph: (rendered sandbox process graph not reproduced; the sample was launched via sudo as /tmp/sample.bin and spawned dash, curl, wget, chmod and /home/sandbox/x86)
Threat name: Script-JS.Trojan.Heuristic
Status: Malicious
First seen: 2025-10-06 06:10:21 UTC
File Type: Text
AV detection: 7 of 38 (18.42%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh 168451a825713d74e986dcd9e9d4dd39809b07e9f678c0a6dda8f74c6cd8288b (this sample)

Delivery method: Distributed via web download

Comments