MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d7efbc52ac87939fa8c3b380e6c38aee15fdceda5ae502092a28b9198c2ac7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

SHA256 hash: 2d7efbc52ac87939fa8c3b380e6c38aee15fdceda5ae502092a28b9198c2ac7d
SHA3-384 hash: bda83206f0833285f85b2417d64912b9ffe2d2c90c2828830b99bc885ebf3709a538d0180515d6b50ede681faa7b910d
SHA1 hash: 92914bda6109068c227bf03b666ded94c05bb499
MD5 hash: ab99960dddcb7c5b8678110ff87a454e
humanhash: south-maine-white-october
File name: tbk
Signature: Mirai
File size: 379 bytes
First seen: 2025-10-09 03:52:32 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SXq8WwfGwAK/w8WAjXq8WoGNIZo+/1AjXq8Wya9ya4yVIwAjXq8W878a2:IdfJAKo7ADENI3tADihL9ADRoj
TLSH: T16CE0129EC02148023104EDC0E4AF02B07A0DADF0C25CDE8A9B4F7E3D639C6103C78654
Magika: javascript
Reporter: abuse_ch
Tags: sh
URL                                  Malware sample (SHA256 hash)                                        Signature  Tags
http://109.205.213.5/kvariant.arm7   95c84d2cb01247b415f57c19c291ff83f7f2e5da207db1fe775ae6df6f8414fe    Mirai      elf mirai ua-wget
http://109.205.213.5/kvariant.arm6   464e01d54829277f90c3a6079e7296056090aff9f57d5b399903470f40628536    Mirai      elf mirai ua-wget
http://109.205.213.5/kvariant.arm5   b348e5b70ab7e0d8bb74afbd7749daaab6d7becf6854dfc75486a71da1430ab9    Mirai      elf mirai ua-wget
http://109.205.213.5/kvariant.arm    376ca979cb4140b86393ee85cf7f66f18f5cee9ad886102ac207238e88562c6a    Mirai      elf mirai ua-wget
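The table above lists the four payload URLs this script fetches, named for ARM variants, each with the SHA256 of the ELF it served at collection time. As an added example (not part of the MalwareBazaar entry or the sample itself), the Python below turns those rows into lookup sets and runs them over proxy log lines. The raw rows are embedded exactly as the page's extraction fused them (URL immediately followed by the hash), since that is the shape such feeds often arrive in; the log lines and their format are constructed for the example and are not any proxy's native format.

```python
import re
from urllib.parse import urlsplit

# The four distribution URLs from this entry, copied as the page shows them:
# extraction fused each URL with the SHA256 of the payload it serves.
RAW_ROWS = [
    "http://109.205.213.5/kvariant.arm795c84d2cb01247b415f57c19c291ff83f7f2e5da207db1fe775ae6df6f8414fe",
    "http://109.205.213.5/kvariant.arm6464e01d54829277f90c3a6079e7296056090aff9f57d5b399903470f40628536",
    "http://109.205.213.5/kvariant.arm5b348e5b70ab7e0d8bb74afbd7749daaab6d7becf6854dfc75486a71da1430ab9",
    "http://109.205.213.5/kvariant.arm376ca979cb4140b86393ee85cf7f66f18f5cee9ad886102ac207238e88562c6a",
]

# The hash must be exactly the last 64 hex digits; anchoring on "$" is what
# keeps "kvariant.arm7" from losing its "7" to the hash that starts with "9".
FUSED = re.compile(r"^(?P<url>https?://\S+?)(?P<sha256>[0-9a-f]{64})$")


def split_fused(row):
    """Return (url, sha256) from a fused 'URL<sha256>' string."""
    m = FUSED.match(row.strip())
    if not m:
        raise ValueError(f"no trailing SHA256 in {row!r}")
    return m.group("url"), m.group("sha256")


def build_iocs(rows=RAW_ROWS):
    """Return {'urls': {url: sha256}, 'hosts': {host}, 'sha256': {hash}}."""
    urls = dict(split_fused(r) for r in rows)
    hosts = {urlsplit(u).hostname for u in urls}
    return {"urls": urls, "hosts": hosts, "sha256": set(urls.values())}


# Constructed proxy log lines (not a real capture):
# "<epoch> <client> <method> <url> <status> <user-agent>"
SAMPLE_LOG = """\
1759982400 10.0.0.7 GET http://109.205.213.5/kvariant.arm7 200 Wget
1759982401 10.0.0.7 GET http://109.205.213.5/kvariant.mips 404 Wget
1759982402 10.0.0.9 GET http://example.com/index.html 200 Mozilla/5.0
"""


def scan_log(log_text, iocs):
    """Flag requests for a known payload URL, or for any other path on the
    distribution host (a stager usually fetches more builds than one entry
    records, so the host alone is worth alerting on)."""
    findings = []
    for line in log_text.splitlines():
        ts, client, method, url, status, ua = line.split(maxsplit=5)
        host = urlsplit(url).hostname
        if url in iocs["urls"]:
            findings.append((client, url, "known payload URL, sha256 " + iocs["urls"][url]))
        elif host in iocs["hosts"]:
            findings.append((client, url, "distribution host, path not in this entry"))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG, build_iocs()):
        print(*finding, sep="\t")
```

Matching on the URL string is deliberately exact; if your proxy logs decoded or normalised paths, normalise both sides the same way before comparing.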

Intelligence

File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-10-09T06:15:00Z UTC
Last seen: 2025-10-09T06:44:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree as recorded by the sandbox; pids in parentheses):
  /usr/bin/sudo (3236)
  └─ execve /tmp/sample.bin (3244), which ran the same three-step loop four times:
       execve /usr/bin/wget  (3245, 3327, 3384, 3461)  [net, send-data, write-file]; each connected to 109.205.213.5:80 and sent 141 B (the last one 140 B)
       execve /usr/bin/chmod (3321, 3376, 3455, 3519)
       clone  /usr/bin/dash  (3323, 3378, 3457, 3520)
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-10-09 04:10:16 UTC
File Type: Text (JavaScript)
AV detection: 8 of 24 (33.33%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
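The behavior graph in the Intelligence section above shows the stager loop that makes a Mirai downloader script recognisable regardless of its exact text: the sample process spawns wget to a literal IP, then chmod, then a shell, and repeats that once per architecture build it carries a URL for (four times here). As an added example (not part of the MalwareBazaar entry, the sandbox, or the sample), the Python below encodes that loop as a detection over process events. The events are constructed to mirror the graph's pids, images and peer address plus one benign control; the "net" field stands in for whatever peer address your telemetry records, and ordering children by pid is an assumption because the graph carries no timestamps.

```python
import re
from collections import defaultdict

# Constructed process events mirroring the behavior graph above (same pids,
# images, parent edges and network peer). Not a real EDR feed; the "net"
# field is an assumption standing in for the recorded destination.
EVENTS = [
    {"pid": 3236, "ppid": 1,    "image": "/usr/bin/sudo",   "net": None},
    {"pid": 3244, "ppid": 3236, "image": "/tmp/sample.bin", "net": None},
    {"pid": 3245, "ppid": 3244, "image": "/usr/bin/wget",   "net": "109.205.213.5:80"},
    {"pid": 3321, "ppid": 3244, "image": "/usr/bin/chmod",  "net": None},
    {"pid": 3323, "ppid": 3244, "image": "/usr/bin/dash",   "net": None},
    {"pid": 3327, "ppid": 3244, "image": "/usr/bin/wget",   "net": "109.205.213.5:80"},
    {"pid": 3376, "ppid": 3244, "image": "/usr/bin/chmod",  "net": None},
    {"pid": 3378, "ppid": 3244, "image": "/usr/bin/dash",   "net": None},
    {"pid": 3384, "ppid": 3244, "image": "/usr/bin/wget",   "net": "109.205.213.5:80"},
    {"pid": 3455, "ppid": 3244, "image": "/usr/bin/chmod",  "net": None},
    {"pid": 3457, "ppid": 3244, "image": "/usr/bin/dash",   "net": None},
    {"pid": 3461, "ppid": 3244, "image": "/usr/bin/wget",   "net": "109.205.213.5:80"},
    {"pid": 3519, "ppid": 3244, "image": "/usr/bin/chmod",  "net": None},
    {"pid": 3520, "ppid": 3244, "image": "/usr/bin/dash",   "net": None},
    # Benign control (constructed): a shell fetches from a literal IP but never
    # chmods or re-executes anything, so the chain never completes.
    {"pid": 4100, "ppid": 1,    "image": "/bin/bash",       "net": None},
    {"pid": 4101, "ppid": 4100, "image": "/usr/bin/wget",   "net": "10.0.0.5:8080"},
]

DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}
SHELLS = {"sh", "dash", "bash", "ash"}
LITERAL_IP_PEER = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")


def basename(path):
    return path.rsplit("/", 1)[-1]


def dropper_chains(events):
    """Find parents whose children repeat download -> chmod -> spawn shell.

    One completed triple is already suspicious; a Mirai stager completes it
    once per CPU build it was given a URL for, so the cycle count is a useful
    severity hint. Children are ordered by pid (assumption: no timestamps).
    """
    by_parent = defaultdict(list)
    for e in events:
        by_parent[e["ppid"]].append(e)
    images = {e["pid"]: e["image"] for e in events}

    findings = []
    for ppid, kids in by_parent.items():
        stage, cycles, peers = 0, 0, set()
        for k in sorted(kids, key=lambda e: e["pid"]):
            name = basename(k["image"])
            if stage == 0 and name in DOWNLOADERS and k["net"] and LITERAL_IP_PEER.match(k["net"]):
                peers.add(k["net"])
                stage = 1
            elif stage == 1 and name == "chmod":
                stage = 2
            elif stage == 2 and name in SHELLS:
                cycles += 1
                stage = 0
        if cycles:
            findings.append({
                "parent_pid": ppid,
                "parent_image": images.get(ppid),
                "cycles": cycles,
                "peers": sorted(peers),
            })
    return findings


if __name__ == "__main__":
    for finding in dropper_chains(EVENTS):
        print(finding)
```

The rule keys on the shape of the loop rather than on wget's command line, so it survives the URL or filename changing between campaigns; pair it with the URL and hash IOCs from this entry for attribution once it fires.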

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method   Signature   File type   SHA256 hash
Web download      Mirai       sh          2d7efbc52ac87939fa8c3b380e6c38aee15fdceda5ae502092a28b9198c2ac7d (this sample)

Delivery method: Distributed via web download

Comments