MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18e059665f071b1cb665f9b00a65d738d92e9520b947c8b239eb473ad21e9d66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 18e059665f071b1cb665f9b00a65d738d92e9520b947c8b239eb473ad21e9d66
SHA3-384 hash: e173c7b1709130c4a6e4ffbdbb1173107db5c6bc6f8dfe4149e927378e2302410a1c704b759e9948ad4a4f8080b30df1
SHA1 hash: 25a04c12ccfa8a17c8bc5a5393c853c86b5652e8
MD5 hash: 46d7f5525822f7fcf261bcd24afafc28
humanhash: neptune-bravo-single-neptune
File name: f5
Signature: Mirai
File size: 1'038 bytes
First seen: 2025-09-08 16:34:38 UTC
Last seen: 2025-09-09 11:33:11 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:IiScySSNKcxVKTyCCoC0NAXQr0wzYK+KNIy4lCIbkyj:IiPybNKcxUyCCoC0NAXQr0wzYH64lCIl
TLSH: T17D11FADE6C61A041850ABF54A1B33734B915E1A123A0EF4EDED4197987CCE20B1E9BC5
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 2
# of downloads: 30
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-09-08T14:32:00Z UTC
Last seen: 2025-09-08T14:32:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-09-08 17:14:10 UTC
File Type: Text (Shell)
AV detection: 17 of 38 (44.74%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 18e059665f071b1cb665f9b00a65d738d92e9520b947c8b239eb473ad21e9d66 (this sample)

  
Delivery method: Distributed via web download
