MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26d6117a03195d9590639b4c33c6f928068dc06c821f99fc90400b0560e0adf0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26d6117a03195d9590639b4c33c6f928068dc06c821f99fc90400b0560e0adf0
SHA3-384 hash: 21fe074f52f76938dcbb417fd1cfdba63ffa17c923ea3784d2ec43d5b3185b75d01221a55146d2e60074d24d0ae2df30
SHA1 hash: ed53a9f5618d660eda0a0f4c01ae711c6b8591a7
MD5 hash: 2359174a9e2b4e64a4bd7f752296234c
humanhash: floor-ack-three-alaska
File name:niggak.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:968 bytes
First seen:2026-01-10 13:00:07 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:FFlf8AsWu4gFlAA8AbiKeQFlmA8Ab0cA4pIFl+O8ADVsFFl+T8ABGnWyTFl+U8A8:L613O/JKBcSu6FHESMdxV1DbKdD17epf
TLSH T1BD116DCD2E22B1638763CD2E7B52DB30B7E6D044736712666E5C28BD82F650C384AF60
Magika batch
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://87.121.112.123/fentchromek8e995ca38ede4091941743d2310c63ee678dfba929782d435f36b02e01a5fcf0 Miraielf mirai ua-wget
http://87.121.112.123/fentdipsk08ea2a22ee9c728176a53b420c8a706e3188e50c54ea45e0888c0daf62dd06cc Mirai32-bit elf mips mirai
http://87.121.112.123/fentdotsk7874fcdc59a49b59c7df4f16b13bc73ba735def4c083f45494ee2862ec5842af Mirai32-bit elf mips mirai
http://87.121.112.123/fentarm4kff7e5a42ffd58ac5b3d31535d2ca099e8b60107a18f62e25c8ecb9c004d0815b Mirai32-bit arm elf mirai
http://87.121.112.123/fentarm5kfc757f17276d833878ed27f90eaf080c50872568f2cca799ebcc9293b22991ee Miraielf mirai ua-wget
http://87.121.112.123/fentarm6k3eafcd688b480a28f0286af8bac7e8ab3119c896f47c923ce00c52e796abef4f Miraielf mirai ua-wget
http://87.121.112.123/fentarm7k9e310eaa9c47173ea9a61f64afed92de2bdc1994bf1fe84252825214db58d0ef Miraielf mirai ua-wget
http://87.121.112.123/fentppck2a4fddeffa42eab112aa3e66d62fc928b2c1112bd18ec665a0f0fdd8c1345beb Miraielf mirai ua-wget
http://87.121.112.123/fentsh4k64ae490cacfa7c541b7aca7c8fa06117c555d30976477b7ef530e54275f86fbe Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
38
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive
Link:
https://www.filescan.io/uploads/69624d7707ef5fa68e83b5c2/reports/6a39b55d-7dc1-42f1-928c-bfe1c6c1fb76/overview
Verdict:
Clean
File Type:
text
Link:
https://opentip.kaspersky.com/26d6117a03195d9590639b4c33c6f928068dc06c821f99fc90400b0560e0adf0/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/26d6117a03195d9590639b4c33c6f928068dc06c821f99fc90400b0560e0adf0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/26d6117a03195d9590639b4c33c6f928068dc06c821f99fc90400b0560e0adf0/
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/26d6117a03195d9590639b4c33c6f928068dc06c821f99fc90400b0560e0adf0
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e3lbc6qddfozleddtngdhrxzfadi3qdmqipzt7eqiafqkyhavxya._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260110-p82jragy5b/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/26d6117a03195d9590639b4c33c6f928068dc06c821f99fc90400b0560e0adf0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 26d6117a03195d9590639b4c33c6f928068dc06c821f99fc90400b0560e0adf0

(this sample)

Mirai

elf cd1ebd25b43a731ff91087c5e8a05a32a7d6fd1b03b64225093c13e10c4a5783

  
URLhaus
https://urlhaus.abuse.ch/url/3755393/
  
Delivery method
Distributed via web download
  
Dropping
MD5 44c2a6bf89d10cd31cef49b73f3a7e69
  
Dropping
SHA256 cd1ebd25b43a731ff91087c5e8a05a32a7d6fd1b03b64225093c13e10c4a5783

Comments