MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a2284738641e9d72474379039069f7e4f89be8186778b0efaaf7e20e321c116. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a2284738641e9d72474379039069f7e4f89be8186778b0efaaf7e20e321c116
SHA3-384 hash: 18072ad450475772c7d046cc66a14372770e13c624068faed74034a49e9ec6b08714b432b4dba4813de1fc465e431dc7
SHA1 hash: bc1914ceb1b7015c7ddd7be909b3e5ad8dc58171
MD5 hash: 10277480647f83895ce1097bb2c2007f
humanhash: apart-cold-mississippi-california
File name:o.xml
Download: download sample
Signature Mirai
Create hunting rule
File size:708 bytes
First seen:2025-10-01 22:21:46 UTC
Last seen:2025-10-02 00:07:35 UTC
File type: sh
MIME type:text/plain
ssdeep 12:FzY8id/7JAC7akxGWi2jX0KTk5jaUtGTEinv:FzY8k1/sWi2jkFPcTh
TLSH T10E017DECB07C8B91069DC641B1F1501444B3D0C7B0F497E5F2AF88256F499893B23A1D
Magika xml
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://213.209.143.62/UnHAnaAW.x8642efa473fa16cd174a1394892b7163f4e47c0434d1138d120135451514465617 Miraielf geofenced mirai opendir ua-wget USA x86

Intelligence

File Origin
# of uploads :
2
# of downloads :
44
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Labled as:
TrojanDownloader/Linux.NetLoader
Link:
https://www.hybrid-analysis.com/sample/2a2284738641e9d72474379039069f7e4f89be8186778b0efaaf7e20e321c116
Verdict:
Unknown
File Type:
text
Link:
https://opentip.kaspersky.com/2a2284738641e9d72474379039069f7e4f89be8186778b0efaaf7e20e321c116/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/74905e52-c3e6-4795-90eb-f6aef2a5de35
Behavior Graph:
Download SVG
%3 guuid=6b973744-1a00-0000-a9af-b73086090000 pid=2438 /usr/bin/sudo guuid=64605a48-1a00-0000-a9af-b7308b090000 pid=2443 /tmp/sample.bin guuid=6b973744-1a00-0000-a9af-b73086090000 pid=2438->guuid=64605a48-1a00-0000-a9af-b7308b090000 pid=2443 execve guuid=b7e4b648-1a00-0000-a9af-b7308c090000 pid=2444 /usr/bin/dash guuid=64605a48-1a00-0000-a9af-b7308b090000 pid=2443->guuid=b7e4b648-1a00-0000-a9af-b7308c090000 pid=2444 clone
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/2a2284738641e9d72474379039069f7e4f89be8186778b0efaaf7e20e321c116
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2a2284738641e9d72474379039069f7e4f89be8186778b0efaaf7e20e321c116/
Threat name:
Linux.Downloader.SAgnt
Create hunting rule
Status:
Malicious
First seen:
2025-10-01 23:14:56 UTC
File Type:
Text
AV detection:
9 of 36 (25.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=firii44gihu5ojdug6idsbu7pzhytpubqz3ywdx2v57cbyzbyela._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2a2284738641e9d72474379039069f7e4f89be8186778b0efaaf7e20e321c116

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2a2284738641e9d72474379039069f7e4f89be8186778b0efaaf7e20e321c116

(this sample)

Mirai

elf 6d704023a93f9c6ec847d5fc69998fdb3d3321d661e07f77ac32b75a36457aa0

  
URLhaus
https://urlhaus.abuse.ch/url/3636149/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3639162/
  
Dropping
MD5 560762a5464bcd68db4ca14bc2b599af
  
Dropping
SHA256 6d704023a93f9c6ec847d5fc69998fdb3d3321d661e07f77ac32b75a36457aa0
  
URLhaus
https://urlhaus.abuse.ch/url/3639189/

Comments