MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17978a551b94f87bb71054e085968c4302bac4bf557bc22a935df5d052fdff7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 17978a551b94f87bb71054e085968c4302bac4bf557bc22a935df5d052fdff7d
SHA3-384 hash: 99233dbf4fe3d0877635f47c46914940403cae586b302522ae01795e1ba95566466f78b8bed813c9071f92f21e74224a
SHA1 hash: 1e42ee89bb20a025f6214db3919b732d910c74d7
MD5 hash: 9707fd572a8a0f29584d663c3f1fa665
humanhash: georgia-south-angel-single
File name: r
Signature: Mirai
File size: 1'057 bytes
First seen: 2025-09-05 15:28:56 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:E22IbO5zOt+MB0hR+kJspsmkJGhkJeZ1hkJjUkD:EAO5CEA0ikAkIk0ZnkGkD
TLSH: T166116ACF5A61AC71DCA86A9D37520C14B48DC5E425CBCE8CB6CD4139E8D9E0835E2FA9
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URLs dropped by this script (each URL, the SHA256 hash of the payload fetched from it, its signature and tags):

URL | Malware sample (SHA256 hash) | Signature | Tags
http://158.51.126.131/v/armv4l | e333d6098ba7af114b4e8b290f0e587592067b8e153798bf4763262d2074ad96 | Mirai | elf mirai ua-wget
http://158.51.126.131/v/armv5l | 79d810e67c7bd6c6669214c1c4b631829d90726886b4167a232813d8434ef3f7 | Mirai | elf mirai ua-wget
http://158.51.126.131/v/armv7l | c3788d92bfc3a08dbcca4476832c46b099bcad182c56cdbccf837eb0edb6cd77 | Mirai | elf mirai ua-wget
http://158.51.126.131/v/mips | d4e2e83716082a12346f565d13cc06546a099a05725f194c135f7b3839473a6c | Mirai | elf mirai ua-wget
http://158.51.126.131/v/mipsel | 8db391280f5fda83a9dc476d69d093827bb72b3a90c3112679855eacabb996e1 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox

Verdict: Malicious
File Type: ps1
First seen: 2025-09-05T12:46:00Z UTC
Last seen: 2025-09-05T12:46:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph (process tree reconstructed from the sandbox graph; the edge type from the parent is in parentheses, recorded file/network actions in brackets, network peers after the arrow):

pid 3011 /usr/bin/sudo
  pid 3016 /tmp/sample.bin (execve)
    pid 3018 /usr/bin/dash (clone)
      pid 3019 /usr/bin/cat (execve)
      pid 3020 /usr/bin/grep (execve)
      pid 3021 /usr/bin/grep (execve)
      pid 3022 /usr/bin/grep (execve)
      pid 3023 /usr/bin/cut (execve)
    pid 3026 /usr/bin/rm (execve) [delete-file]
    pid 3028 /usr/bin/rm (execve) [delete-file]
    pid 3030 /usr/bin/rm (execve) [delete-file]
    pid 3031 /usr/bin/dash (clone)
      pid 3032 /usr/bin/cp (execve) [write-file]
    pid 3036 /usr/bin/dash (clone)
      pid 3037 /usr/bin/chmod (execve)
    pid 3039 /usr/bin/dash (clone)
      pid 3040 /usr/bin/wget (execve) [net, send-data, write-file] -> 158.51.126.131:80 send: 137B
    pid 3168 /usr/bin/chmod (execve)
    pid 3169 /usr/bin/dash (clone)
    pid 3175 /usr/bin/dash (clone)
      pid 3176 /usr/bin/wget (execve) [net, send-data, write-file] -> 158.51.126.131:80 send: 137B
    pid 3223 /usr/bin/chmod (execve)
    pid 3224 /usr/bin/dash (clone)
    pid 3226 /usr/bin/dash (clone)
      pid 3227 /usr/bin/wget (execve) [net, send-data, write-file] -> 158.51.126.131:80 send: 137B
    pid 3263 /usr/bin/chmod (execve)
    pid 3264 /usr/bin/dash (clone)
    pid 3267 /usr/bin/dash (clone)
      pid 3268 /usr/bin/wget (execve) [net, send-data, write-file] -> 158.51.126.131:80 send: 135B
    pid 3339 /usr/bin/chmod (execve)
    pid 3341 /usr/bin/dash (clone)
    pid 3343 /usr/bin/dash (clone)
      pid 3344 /usr/bin/wget (execve) [net, send-data, write-file] -> 158.51.126.131:80 send: 137B
    pid 3401 /usr/bin/chmod (execve)
    pid 3402 /usr/bin/dash (clone)
Threat name: Script-Shell.Trojan.Heuristic
Status: Malicious
First seen: 2025-09-05 15:37:24 UTC
File Type: Text (Shell)
AV detection: 8 of 24 (33.33%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
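The behavior graph above is only useful to a detection engineer once it is a queryable tree rather than a picture. The Python below is an added example, not MalwareBazaar's or any sandbox vendor's code: it rebuilds the process tree from a hand-constructed event list (the pids, images, edge types, file/network labels and the 158.51.126.131:80 endpoint are copied from the graph on this page; the record layout, the SHELLS set, the owner_of attribution rule and the min_fetches/chmod thresholds are this example's own assumptions) and scores the downloader shape the graph shows: repeated wget to a single host, chmod, rm, all launched through throwaway dash subshells of /tmp/sample.bin.

```python
"""Rebuild the sandbox behavior graph as a process tree and score the
Mirai-style downloader shape it shows: one script process that, through
throwaway shell children, runs wget repeatedly against one host, chmods the
results and deletes files. Added example, not MalwareBazaar's or any sandbox
vendor's code; EVENTS is hand-built from the graph on this page, and the record
layout, SHELLS set and thresholds are this example's own assumptions."""
from collections import Counter, defaultdict
from typing import NamedTuple, Optional, Tuple

SHELLS = {"/usr/bin/dash", "/bin/dash", "/bin/sh", "/bin/bash", "/usr/bin/bash"}
DASH, WGET, CHMOD, RM = "/usr/bin/dash", "/usr/bin/wget", "/usr/bin/chmod", "/usr/bin/rm"
C2 = "158.51.126.131:80"                   # the only remote endpoint in the graph
NET, DEL = ("net", "send-data", "write-file"), ("delete-file",)


class Proc(NamedTuple):
    pid: int
    ppid: int
    image: str
    edge: str                    # how the parent created it: execve / clone
    actions: Tuple[str, ...]     # sandbox file/network labels on the node
    remote: Optional[str]        # "ip:port" for network-active processes


def P(pid, ppid, image, edge="execve", acts=(), remote=None) -> Proc:
    return Proc(pid, ppid, image, edge, tuple(acts), remote)


# Constructed from the page's behavior graph: one Proc per node, in pid order.
EVENTS = [
    P(3011, 0, "/usr/bin/sudo", "root"), P(3016, 3011, "/tmp/sample.bin"),
    P(3018, 3016, DASH, "clone"), P(3019, 3018, "/usr/bin/cat"), P(3020, 3018, "/usr/bin/grep"),
    P(3021, 3018, "/usr/bin/grep"), P(3022, 3018, "/usr/bin/grep"), P(3023, 3018, "/usr/bin/cut"),
    P(3026, 3016, RM, acts=DEL), P(3028, 3016, RM, acts=DEL), P(3030, 3016, RM, acts=DEL),
    P(3031, 3016, DASH, "clone"), P(3032, 3031, "/usr/bin/cp", acts=("write-file",)),
    P(3036, 3016, DASH, "clone"), P(3037, 3036, CHMOD),
    P(3039, 3016, DASH, "clone"), P(3040, 3039, WGET, acts=NET, remote=C2),
    P(3168, 3016, CHMOD), P(3169, 3016, DASH, "clone"),
    P(3175, 3016, DASH, "clone"), P(3176, 3175, WGET, acts=NET, remote=C2),
    P(3223, 3016, CHMOD), P(3224, 3016, DASH, "clone"),
    P(3226, 3016, DASH, "clone"), P(3227, 3226, WGET, acts=NET, remote=C2),
    P(3263, 3016, CHMOD), P(3264, 3016, DASH, "clone"),
    P(3267, 3016, DASH, "clone"), P(3268, 3267, WGET, acts=NET, remote=C2),
    P(3339, 3016, CHMOD), P(3341, 3016, DASH, "clone"),
    P(3343, 3016, DASH, "clone"), P(3344, 3343, WGET, acts=NET, remote=C2),
    P(3401, 3016, CHMOD), P(3402, 3016, DASH, "clone"),
]


def build_tree(events):
    """Index by pid and map each pid to its children (roots live under key 0)."""
    procs = {p.pid: p for p in events}
    children = defaultdict(list)
    for p in events:
        children[p.ppid if p.ppid in procs else 0].append(p)
    return procs, children


def owner_of(procs, p):
    """Nearest non-shell ancestor: the dash children are throwaway subshells,
    so their wget/chmod work is attributed to /tmp/sample.bin, not to dash."""
    cur = procs.get(p.ppid)
    while cur is not None and cur.image in SHELLS:
        cur = procs.get(cur.ppid)
    return cur


def score_downloader(events, min_fetches=2):
    """Per owning process: fetch count, remote endpoints, chmod/rm counts, verdict."""
    procs, _ = build_tree(events)
    stats = defaultdict(lambda: {"fetches": 0, "remotes": Counter(), "chmod": 0, "rm_delete": 0})
    for p in events:
        owner = owner_of(procs, p)
        if owner is None:
            continue
        s = stats[owner.pid]
        if p.image == WGET and "net" in p.actions:
            s["fetches"] += 1
            if p.remote:
                s["remotes"][p.remote] += 1
        elif p.image == CHMOD:
            s["chmod"] += 1
        elif p.image == RM and "delete-file" in p.actions:
            s["rm_delete"] += 1
    out = {}
    for pid, s in stats.items():
        # Repeated fetches from a single host followed by chmod is the dropper shape.
        hit = s["fetches"] >= min_fetches and len(s["remotes"]) == 1 and s["chmod"] >= 1
        out[pid] = {"image": procs[pid].image, **s, "remotes": dict(s["remotes"]), "downloader": hit}
    return out


def render(children, pid=0, depth=0):
    """Indented text lines of the tree in pid order, matching the graph above."""
    lines = []
    for p in sorted(children.get(pid, []), key=lambda x: x.pid):
        extra = f" [{' '.join(p.actions)}]" if p.actions else ""
        extra += f" -> {p.remote}" if p.remote else ""
        lines.append(f"{'  ' * depth}{p.pid} {p.image} ({p.edge}){extra}")
        lines.extend(render(children, p.pid, depth + 1))
    return lines
```

Attributing through the shell layer is the point: counted per immediate parent, each wget has a different dash parent and the five fetches never aggregate; collapsed to the nearest non-shell ancestor they all land on /tmp/sample.bin, which then shows 5 fetches to one endpoint, 6 chmod and 3 rm with delete-file. The thresholds are deliberately low because this script pulls one architecture-named binary per URL in the table above, and a single wget plus chmod is already the behaviour worth alerting on for an IoT host.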

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh 17978a551b94f87bb71054e085968c4302bac4bf557bc22a935df5d052fdff7d (this sample)

Delivery method: Distributed via web download

Comments