MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 226204c1da8091eb6a2b6dc4786f81cf02f4692d28ec9b88e47917d2fbb9db54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 226204c1da8091eb6a2b6dc4786f81cf02f4692d28ec9b88e47917d2fbb9db54
SHA3-384 hash: 23a7e2b5166bf47ff697615ab4c3fc404d37a735b29da74cf67440dc77d2b200cdb2b0c9adf8789dc531275bb22d8f94
SHA1 hash: e1eed71ea1ff788680d2c36517ab87878b1d937c
MD5 hash: 375f772852aff9181ab929c2fdfffe96
humanhash: orange-pluto-ink-muppet
File name:w.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'248 bytes
First seen:2025-07-11 06:16:42 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:kd6C3WEd6BIpEd6uNNIUuiu7Ed6n4K6jEdKmr6EdejG7EdZNmB7EdtEdrlEdw6ev:kdqEdpEdv2H7EdJ9EdKmr6EdejG7EdZS
TLSH T1CF2165CE0EA7C047483C8F32E45B87781A8D45D7B4A0AEA560CD4CF3618DB18B436E56
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.66.32/HBTs/top1miku.arm92117e88e20232d0fe9f1fd7fb7d12ea5adecf19b18e227ce6ce83d9f4376a99 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.arm5046a329591855ebf9749429465feda29ac2e8fc327fc2d4664ba4255a9cda5d4 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.arm60c7fa0d266b490427b6857294ee1500691ed8506884baff619f1d51049bc4c52 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.arm7b5bce493d05031ba446080722dfb270aec7c97fc4378e639723d637adea784d2 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.m68keb6913d816c810b0846bc7bf8dd6a19152cf078b0e4ddac040eda89ae0de8ac1 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.mipsa77e7186ad2e7b858f23a9f1d3d5d6365481fcf8bf212a6d49b50ba9f9ae046f Gafgytelf gafgyt mirai ua-wget
http://196.251.66.32/HBTs/top1miku.mpsl425dc69ffcd048df8726f1cb3716901322750e3bfc56803135c3a803eeab6369 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.ppc4adaa8fbc175e4a169c4767bc147fe1b288888cddfa4f1b39abc3fe250806ff7 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.sh4b3f1e7014dfba66c06190cfa803ea2dc947f59a0b6f437f3ec6f9263b34cb4a0 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.spc58600e74fbacf7c5e92061399451cfe44073cc61d03ee7145bfd630a6bba2f88 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.x86effabb0c89d67dc1deaaff5d5a7512613f0c6d6a3c86c773d05a3062890673ba Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.x86_64d98f7aaa9e2aa30f86d5f7c88bc2e895bee6adeebc6d87a904bd28e6f9e01810 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
28
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6870ac68c9eb9747376843b2linux22vpnfull_triage
Tags:
downloader backdoor trojan
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6870ac6680b46be06e9f5b42/reports/60923ca1-ee0d-4227-9b1e-26b42ca7d3e1/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/226204c1da8091eb6a2b6dc4786f81cf02f4692d28ec9b88e47917d2fbb9db54
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/226204c1da8091eb6a2b6dc4786f81cf02f4692d28ec9b88e47917d2fbb9db54/
Threat name:
Linux.Downloader.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-07-11 06:17:11 UTC
File Type:
Text (Shell)
AV detection:
15 of 38 (39.47%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ejrajqo2qci6w2rlnxchq34bz4bpi2jnfdwjxchepel5f65z3nka._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250711-g141xasshy/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/226204c1da8091eb6a2b6dc4786f81cf02f4692d28ec9b88e47917d2fbb9db54

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 226204c1da8091eb6a2b6dc4786f81cf02f4692d28ec9b88e47917d2fbb9db54

(this sample)

Mirai

elf 6b552a26f755c2a59374ad00883534a2687def709af56045502f81d42a2a640d

  
URLhaus
https://urlhaus.abuse.ch/url/3579513/
  
Delivery method
Distributed via web download
  
Dropping
MD5 c1c6b128347f3507e99b5464e9d844e2
  
Dropping
SHA256 6b552a26f755c2a59374ad00883534a2687def709af56045502f81d42a2a640d

Comments