MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f2d721db46d14fb8d759b8b6f49c28b44586ba89063085528f57fb618783e0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 3



SHA256 hash: 2f2d721db46d14fb8d759b8b6f49c28b44586ba89063085528f57fb618783e0e
SHA3-384 hash: f28c9d16dbd0d1a463501fa59f8d39b1ee1673a1fa46f156bc30c0412703940a99ea4cc007e4906c69e0296b0fe5b468
SHA1 hash: 4a49adc25e2fc53f97b7eb4948099a56e9645231
MD5 hash: 1a999c725f7e317160dc47249dd856db
humanhash: hawaii-may-kilo-fillet
File name: jack5tr.sh
Signature: Mirai
File size: 2'002 bytes
First seen: 2026-02-17 16:49:39 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 24:v0n6yd/sF/sc/s0kTld/sGKM/sPG/sn/sgJHZ/sp/sUKlh/sY/sk/sePeH:v0nVGur0kxGG0PR0gHKaUKc/zf
TLSH T1434194CA279174756CAAA963F3B906187580A8C516F86E445BFC78F4C48CD24FDD4A83
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 48
Origin country: DE
Vendor Threat Intelligence
No detections
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Contacts a large (418637) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Malware Config
C2 Extraction: bbos.minet.vn
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2f2d721db46d14fb8d759b8b6f49c28b44586ba89063085528f57fb618783e0e

(this sample)
