MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 251718dfbc731fb59db00909c686cf4915cf376a5173b41be395331db834ea17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 251718dfbc731fb59db00909c686cf4915cf376a5173b41be395331db834ea17
SHA3-384 hash: a2e6777a943b785347f15da588ade733711181e36506dc53f51f51c58a344570aa21b3774c9c02d8a882da1e3e62c41e
SHA1 hash: dc8c5df7c8f3ca1a0b60be535f5211b9f12acbd4
MD5 hash: 63c35f0fb5b5e56dc17362de407dd39d
humanhash: mockingbird-venus-artist-cold
File name: w.sh
Signature: Mirai
File size: 1'519 bytes
First seen: 2025-07-31 17:37:43 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:TAENEzoz6V2flz3zsjG7zsABAoA1zAunuaujzAuQ9uQkuQ1zAu5uQuBzAuYuxuLk:qEmV2flTQjG7QCXaduPjdrSKdURBdJ8o
TLSH: T18C3168C94FA2501B997C5F31F04AC7A85B8E869777A09F5550CD6CF36148F14B036E06
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: DE
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox mirai
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Trojan.Egairtigado
Status: Malicious
First seen: 2025-07-31 17:38:17 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
