MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2162b3f2b397156eec57419a9f6aff25ac70cd59103158a3d7dd1c9122abecc2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6


SHA256 hash: 2162b3f2b397156eec57419a9f6aff25ac70cd59103158a3d7dd1c9122abecc2
SHA3-384 hash: 40a21c3a7b3af616f4611bcdc4a5a89a2e18a9a4f29acd9e6c830f16e99d30445821270eb3290451b0505855b298aa28
SHA1 hash: 20626d82ebf4df70c1a35665d4de0321805d7695
MD5 hash: d76095caf1ca5368e0666288c1474c9d
humanhash: high-freddie-montana-cardinal
File name: w2.sh
Signature: Mirai
File size: 1'140 bytes
First seen: 2025-10-02 05:37:03 UTC
Last seen: 2025-10-05 08:30:17 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:6BoaGWNIQy7vK5w50FDKE1Cgc2ZkukNuLUn:qNIBK250F5dZLUn
TLSH: T1FF21DBF91055612E16406F1170E548296CBBFBE260619EF854BFE43362DBDA0B723E78
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 40
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai
Verdict: Malicious
File Type: text
First seen: 2025-10-02T03:57:00Z UTC
Last seen: 2025-10-02T05:10:00Z UTC
Hits: ~10
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-10-02 05:38:34 UTC
File Type: Text (Shell)
AV detection: 17 of 38 (44.74%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download

Mirai

sh 2162b3f2b397156eec57419a9f6aff25ac70cd59103158a3d7dd1c9122abecc2 (this sample)
