MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f5f77fa99edb2c65c256329be772c58cab33063291ab44e870ae39fc4603e35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f5f77fa99edb2c65c256329be772c58cab33063291ab44e870ae39fc4603e35
SHA3-384 hash: 46939a2b4d8548fd3268a672beb4b6ea946b0c34378f150b98600c101c5116a82ccd4bb2ac07c4bb86754cd9fec70515
SHA1 hash: 0c5bb0adc522c64fe1f190819760f0c1cb5f599b
MD5 hash: f8e038e744e2fefc4fbcbd283f509c06
humanhash: yellow-missouri-twenty-hot
File name:massload
Download: download sample
Signature Mirai
Create hunting rule
File size:1'914 bytes
First seen:2025-12-04 10:46:14 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:z5EMy0MBDQF6FKXRCpp3r0onWUgHogHkvxdKX5xfxUK7fN7rJxwCN2KXZ:z56mUFaxHnHkjuJJeTi
TLSH T1D2410CDC3A726BF35C41FF80FA712E19A00AF5C45881EE695C9E38ADD17C72EB416601
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://95.163.83.87/mipsn/an/aelf ua-wget
http://95.163.83.87/mpsln/an/aelf ua-wget
http://95.163.83.87/arm4n/an/aelf ua-wget
http://95.163.83.87/arm5n/an/aelf ua-wget
http://95.163.83.87/arm7n/an/aelf ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
42
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
busybox mirai
Link:
https://www.filescan.io/uploads/693183c3bba50eaf04212389/reports/ef3efa49-c173-498f-9e8e-b27414638166/overview
Verdict:
Malicious
Labled as:
Trojan[Downloader]/Shell.Agent
Link:
https://www.hybrid-analysis.com/sample/2f5f77fa99edb2c65c256329be772c58cab33063291ab44e870ae39fc4603e35
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-12-04T10:10:00Z UTC
Last seen:
2025-12-04T11:43:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/2f5f77fa99edb2c65c256329be772c58cab33063291ab44e870ae39fc4603e35/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/2f5f77fa99edb2c65c256329be772c58cab33063291ab44e870ae39fc4603e35
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2f5f77fa99edb2c65c256329be772c58cab33063291ab44e870ae39fc4603e35/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-12-04 11:10:14 UTC
File Type:
Text (Shell)
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f5pxp6uz5wzmmxbfmmu345zmldflgmddfenlituhblrz7rdahy2q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm defense_evasion discovery linux
Link:
https://tria.ge/reports/251204-p3lw4swmdt/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.37
Link:
https://yomi.yoroi.company/submissions/2f5f77fa99edb2c65c256329be772c58cab33063291ab44e870ae39fc4603e35

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2f5f77fa99edb2c65c256329be772c58cab33063291ab44e870ae39fc4603e35

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3718750/
  
Delivery method
Distributed via web download

Comments