MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19b2bd95811408ce8e9559aa476350f490be1289492993d8f3a6c354883db866. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 19b2bd95811408ce8e9559aa476350f490be1289492993d8f3a6c354883db866
SHA3-384 hash: b07ce07c864f3a6372c5d28fe14f1dd7a0b0766ba7a8f5f05e2733c6fe480223c728acebf61a8bcb99222d57974a72bc
SHA1 hash: 6bd08fc9131c62da2200ebe71b896b68ad046b02
MD5 hash: 2b26b05867f5c3f36da108ed6738a3e0
humanhash: spaghetti-item-north-oven
File name: f
Signature: Mirai
File size: 843 bytes
First seen: 2025-12-05 18:21:34 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:ZvCZOv9k933v61O91O9k933v6Yok933v6bDbnk933v6+O5k933v6q9q9k933vXw:UZAk9Kk9Ak9Gk9mk9Ok9Pw
TLSH T13B01A9FF004D693C1E40855AB567841D74334BEB71E5C60AAC8FA933B2C4528B572E5C
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 15
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-05T20:54:00Z UTC
Last seen: 2025-12-06T15:16:00Z UTC
Hits: ~10

Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-12-05 18:32:30 UTC
File Type: Text (Shell)
AV detection: 14 of 38 (36.84%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 19b2bd95811408ce8e9559aa476350f490be1289492993d8f3a6c354883db866

(this sample)

  
Delivery method: Distributed via web download
