MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29b11c9442afb1719c02601a86b39e0c9159d22612336cd2df7e1e190c64c59c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 29b11c9442afb1719c02601a86b39e0c9159d22612336cd2df7e1e190c64c59c
SHA3-384 hash: 48101430a18a62a8cfdb44479d982abb4b9285f7b78daa5f1d1ec60dcb61d8c8476f67db40c1193fe53102fef8e6af4c
SHA1 hash: 8d6ed7dc0259b67feb0b8cdfeb5fd0f7811ae259
MD5 hash: d9afbfc0ff08612271819c843d24b28e
humanhash: eleven-fifteen-oklahoma-nebraska
File name:l
Download: download sample
Signature Mirai
Create hunting rule
File size:999 bytes
First seen:2025-06-08 03:37:07 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:yRk5zFt+MB08xJxDkpxSxnkxnmkpxSx3xJkpxSxSx0kpx8jn:4k5REA0gzDkpxOomkpxOhJkpxOO0kpxY
TLSH T1FC11E9CF50A4DE7268404EDD31935A1A78C6C9D906CF8FC6E44E01A9A1CC94DB661E7A
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://94.26.90.217/vv/armv4la82594f321a14d22c63b44b8b3f4e5dcb725aeda14db201cfe59d6b37cb8093f Miraielf gafgyt mirai ua-wget
http://94.26.90.217/vv/armv5ld64ce359bc97c9643e66057dbd0ea9ed69d5272487e873119dc7a01134f852bc Miraielf gafgyt mirai ua-wget
http://94.26.90.217/vv/armv6l176858d674f19ed1c385ebfd952caea9f6a76f4b44828d6b8f21985476a35df0 Miraielf gafgyt mirai ua-wget
http://94.26.90.217/vv/armv7lae5dbccdfcd0e48e2065b462be5879d1c103e3dc9c553ce8eb319c6385580d78 Miraielf gafgyt mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
141
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=684507da07b5e8c1cfe5a984linux22vpnfull_triage
Tags:
agent hype sage
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/29b11c9442afb1719c02601a86b39e0c9159d22612336cd2df7e1e190c64c59c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/29b11c9442afb1719c02601a86b39e0c9159d22612336cd2df7e1e190c64c59c/
Threat name:
Linux.Downloader.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-06-08 03:40:30 UTC
File Type:
Text (Shell)
AV detection:
6 of 24 (25.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fgyrzfccv6yxdhacmaninm46bsivturgcizwzuw7pypbsddeywoa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250608-d8d8nswkx3/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/29b11c9442afb1719c02601a86b39e0c9159d22612336cd2df7e1e190c64c59c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 29b11c9442afb1719c02601a86b39e0c9159d22612336cd2df7e1e190c64c59c

(this sample)

Mirai

elf 35c14500814ac5bc2c71312bb1323f3be34afa878c7f06cefb0bf26f983564db

  
URLhaus
https://urlhaus.abuse.ch/url/3531257/
  
Delivery method
Distributed via web download
  
Dropping
MD5 9aff45bce598a65ad3f904f1bda32707
  
Dropping
SHA256 35c14500814ac5bc2c71312bb1323f3be34afa878c7f06cefb0bf26f983564db

Comments