MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b6129f0277a99913bfcd50fef38c90a89275b2b2a17b5ab6ae087e2e93324d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b6129f0277a99913bfcd50fef38c90a89275b2b2a17b5ab6ae087e2e93324d9
SHA3-384 hash: a674d0060a77ad36d6e49483ca2378f42b81ad857e2b1252f17eef53f33dda93fce3807cae693713104e19234c15b11d
SHA1 hash: b249b92e3c505842e3092f36bdc091007cd1e9b6
MD5 hash: 44003db88cc3d5897e2670292b2f1cb0
humanhash: single-arkansas-yellow-six
File name:gw
Download: download sample
Signature Mirai
Create hunting rule
File size:1'127 bytes
First seen:2025-04-06 10:07:56 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:CXWwKt6NIf0EJU5j/gkkhKeXAetlz6x8X:Cmwan0EJU5j/jkhXwovX
TLSH T10C2156E7A2750BC7599F9E1FF560D65A20C4C39B626B57D8BCAC282D0E5484CF108E61
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://42.112.26.36/zd2/ppc8903fe9cf6c0a39b21500c9379b7f6c2c16a1ae62215a38d73be579674fe8b63 Miraielf mirai
http://42.112.26.36/zd2/arm7e84c7c625a0bad135fbb696ae39cd0df03e34bb20508b9b7ef3dcb03cb9d595b Miraielf mirai
http://42.112.26.36/zd2/arm6n/an/aelf
http://42.112.26.36/zd2/arm52fe73469585483a503006d519deaa40b780cc4874a583d7e568173bc4bece315 Miraielf mirai
http://42.112.26.36/zd2/arm42fe73469585483a503006d519deaa40b780cc4874a583d7e568173bc4bece315 Miraielf
http://42.112.26.36/zd2/arm1a6802bea6ffdc55432fc3d7908e79ac74163868d3e6d027e33b27d723b4febc Miraielf mirai
http://42.112.26.36/zd2/mipsfba7bebf259ea5904705b2ce98b73a7ef017b7cf64565779a1afdfc437a46ef0 Miraielf
http://42.112.26.36/zd2/mpsld03b5802a4b100ea40955e03384d9d904ff17801d6254a06563d96028b440c93 Miraielf mirai
http://42.112.26.36/zd2/sh4136b60f9c25a7194c7a5a35b43d2617b5e7acf8fc02c26c6578eb9fcb0d2788d Miraielf mirai
http://103.175.16.117/K5CgAqHhJXCAf6156332e0cef3faee0a6de425d5cfbcf73a2a9ee901bdbde613d345770973bc Miraimirai ua-wget
http://42.112.26.36/zd2/aarch64de90c0c73f4c1037b51c67faf60242813a94feef13965846b5777f66bd1e9bf7 Miraielf mirai
http://42.112.26.36/zd2/m68kde90c0c73f4c1037b51c67faf60242813a94feef13965846b5777f66bd1e9bf7 Miraielf

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67f3902ae011fe619fabdecflinux22vpnfull_triage
Tags:
phishing agent virus overt
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive lolbin remote
Link:
https://www.filescan.io/uploads/67f252972d430c849e08c774/reports/3e8b32c1-07bc-4e80-b24a-21d48e5f7f2e/overview
Verdict:
Malicious
Labled as:
Linux/TrojanDownloader.SH
Link:
https://www.hybrid-analysis.com/sample/2b6129f0277a99913bfcd50fef38c90a89275b2b2a17b5ab6ae087e2e93324d9
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/2b6129f0277a99913bfcd50fef38c90a89275b2b2a17b5ab6ae087e2e93324d9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2b6129f0277a99913bfcd50fef38c90a89275b2b2a17b5ab6ae087e2e93324d9/
Threat name:
Linux.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-04-06 11:31:57 UTC
File Type:
Text (Shell)
AV detection:
17 of 36 (47.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fnqst4bhpkmzco742uh66ogjbkesowzlfil3lk3k4cd6f2jtetmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2b6129f0277a99913bfcd50fef38c90a89275b2b2a17b5ab6ae087e2e93324d9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2b6129f0277a99913bfcd50fef38c90a89275b2b2a17b5ab6ae087e2e93324d9

(this sample)

Mirai

elf f6156332e0cef3faee0a6de425d5cfbcf73a2a9ee901bdbde613d345770973bc

  
URLhaus
https://urlhaus.abuse.ch/url/3502739/
  
Delivery method
Distributed via web download
  
Dropping
MD5 96e8cbb307135e0590cec0e5fcd9b80a
  
Dropping
SHA256 f6156332e0cef3faee0a6de425d5cfbcf73a2a9ee901bdbde613d345770973bc

Comments