MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2859ddd77aea1dc3336ca702f0c62f00b6db7e353773566a9492bb45eccbb2cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 2859ddd77aea1dc3336ca702f0c62f00b6db7e353773566a9492bb45eccbb2cc
SHA3-384 hash: f23308fade03770c843e6c4848ad31c0de433690c988e0ee9258986486651b080f9dcc002a291ff7aade5cf5f7ab62eb
SHA1 hash: 3aad68de8c9c3c9d79e16a321d8a7f312851ecfd
MD5 hash: 0a0f68578255c0485203190eb609bad4
humanhash: double-twenty-hot-october
File name: w.sh
Signature: Mirai
File size: 1'044 bytes
First seen: 2025-02-16 10:41:47 UTC
Last seen: 2025-06-05 14:31:13 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:8IEMeBgcIEMy1cIEMONIIocIEMkKSfcIEMo2cIEMUl95cIEMo9mcIEMGlcIEM+Tn:8IYBgcI81cIuocICxfcIS2cIo95cIu96
TLSH: T1DA1179CE0799D6391CE8CC4C30AD891CAA79A7D630614BDDAD4C48B361969387E3BF0C
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 80
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 90.2%
Tags: shellcode hype sage
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: bash lolbin mirai remote
Result
Verdict: UNKNOWN
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-02-16 10:42:17 UTC
File Type: Text (Shell)
AV detection: 13 of 37 (35.14%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments