MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2285df6e099990a09534b394c899a44d5d0f5227a7e961eb64b02deb0a5f04ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2285df6e099990a09534b394c899a44d5d0f5227a7e961eb64b02deb0a5f04ed
SHA3-384 hash: 59815f5ce4958bd4b24f1310916ac59c3f818dc821335ffb222e0bb77d552e0d1759e9c6c2b0d481ae9322d805d1f7cf
SHA1 hash: 05614f5e95703545099f28b83287a13d35f8de75
MD5 hash: 6516694780e6ca3f2fb65ab01f29c8d7
humanhash: queen-emma-twenty-pennsylvania
File name:curl.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:989 bytes
First seen:2025-01-08 16:51:19 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:sXCZG+1ZuZI4WQbW4BGKBMuABEE2B1aABtPEFBV:20b54hbWMGaTkdmcktPE7V
TLSH T16B11E1E682A2DF3361941828B2F22BADB05850CB17180A84B73D9E67FF8D6F570A4240
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.136.41.100/t18fe802ec37b5f944520e2f6e5853c2723bc2f787dc7ffae6e85e1746e499df47 Miraielf mirai ua-wget
http://103.136.41.100/t2053c4a9eeca2f2436daf4273a9d8e2f680834e05a9d2eeabcebcfffa17679544 Miraielf mirai ua-wget
http://103.136.41.100/t3e3b0263b1545b58725dfde84e5d125ae87b0a14a16c364301af4d91cc068fa12 Miraielf mirai ua-wget
http://103.136.41.100/t4fde57c36daa01f9114312d7e4498d4e0cfe3ca125a8221e44117bc43de96ee4b Miraielf mirai ua-wget
http://103.136.41.100/t5fde57c36daa01f9114312d7e4498d4e0cfe3ca125a8221e44117bc43de96ee4b Miraielf mirai ua-wget
http://103.136.41.100/t60787b187057248b0badadc13b1b65e942fc3ced46673ba3e20f11270acce2267 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=677eae29c029bd73f2870e81linux22vpnfull_triage
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox
Link:
https://www.filescan.io/uploads/677ead368608099de3fc351f/reports/ae9bbfb5-e1a9-4860-ae2a-b0c440c38a9e/overview
Score:
1%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/2285df6e099990a09534b394c899a44d5d0f5227a7e961eb64b02deb0a5f04ed
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2285df6e099990a09534b394c899a44d5d0f5227a7e961eb64b02deb0a5f04ed/
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-01-08 16:52:04 UTC
File Type:
Text (Shell)
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ekc563qjtgikbfjuwokmrgnejvoq6urhu7uwd23ewaw6wcs7atwq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm defense_evasion discovery linux
Link:
https://tria.ge/reports/250108-vddgbswma1/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/2285df6e099990a09534b394c899a44d5d0f5227a7e961eb64b02deb0a5f04ed

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2285df6e099990a09534b394c899a44d5d0f5227a7e961eb64b02deb0a5f04ed

(this sample)

Mirai

elf ead60a60220a3549a8ddc6264e667f5ac094eb961b7260a9bd10e8dc2cd07cba

  
URLhaus
https://urlhaus.abuse.ch/url/3393733/
  
Delivery method
Distributed via web download
  
Dropping
MD5 cc628cf6f08f7fb8c4f248c1eb1d0d65
  
Dropping
SHA256 ead60a60220a3549a8ddc6264e667f5ac094eb961b7260a9bd10e8dc2cd07cba

Comments