MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f8b0e971474e0f90648010e79c5e7aa401f1f4e23440c10a5e09696ce8de3ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 2f8b0e971474e0f90648010e79c5e7aa401f1f4e23440c10a5e09696ce8de3ef
SHA3-384 hash: b1c6eba68f0cda397ed956bebce20dc77b18802fd54b73cd5a48286f305f24a4303dfeb9e348bcfd86a2f04b7e2b596a
SHA1 hash: 3899fdd44a176c5d7aa8895fedbc4cc6d03ed949
MD5 hash: c84a6ddda948cc4d924323834022e7c2
humanhash: fillet-pizza-lake-artist
File name: res
Signature: Mirai
File size: 412 bytes
First seen: 2025-11-15 19:01:40 UTC
Last seen: 2025-11-16 19:24:22 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:AaaoNNA5alheNA5a9NI3qNAzaWfJAKoQ2:koLAtAKNIGAzgK2
TLSH: T15BE0EDFA84111D263008DD85D0DF00E0723E6FB6C268DB9AA25F3E2D63CC7103C61D45
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Payload URLs referenced by this sample (URL, malware sample SHA256 hash, signature, tags):

URL: http://213.209.143.41/kvariant.arm
Malware sample (SHA256 hash): 62dd781a4e571fa797612ef112cea6645758682d74c75cdb909d3832f27c8ca0
Signature: Mirai
Tags: mirai opendir

URL: http://213.209.143.41/kvariant.arm5
Malware sample (SHA256 hash): f8b9acbdcbeeb5d59c9d31788ef5f717fb62bf728ddae01584e29b6a33d89dc5
Signature: Mirai
Tags: mirai opendir

URL: http://213.209.143.41/kvariant.arm6
Malware sample (SHA256 hash): 1e63edf262d21d49fe667fd7ada520626abd9f4395202a1ebee9b9558340cc5f
Signature: Mirai
Tags: mirai opendir

URL: http://213.209.143.41/kvariant.arm7
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: elf ua-wget

Intelligence


File Origin
# of uploads: 2
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-15T17:53:00Z UTC
Last seen: 2025-11-15T18:09:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree and network activity recovered from the graph data; the sample ran as /tmp/sample.bin under sudo and spawned, in order, wget / chmod / dash four times):

/usr/bin/sudo (pid 5212)
  execve -> /tmp/sample.bin (pid 5213)
    execve -> /usr/bin/wget (pid 5214) [net, send-data, write-file] -> 213.209.143.41:80, send 141B
    execve -> /usr/bin/chmod (pid 5215)
    clone  -> /usr/bin/dash (pid 5216)
    execve -> /usr/bin/wget (pid 5218) [net, send-data, write-file] -> 213.209.143.41:80, send 142B
    execve -> /usr/bin/chmod (pid 5219)
    clone  -> /usr/bin/dash (pid 5220)
    execve -> /usr/bin/wget (pid 5222) [net, send-data, write-file] -> 213.209.143.41:80, send 142B
    execve -> /usr/bin/chmod (pid 5223)
    clone  -> /usr/bin/dash (pid 5224)
    execve -> /usr/bin/wget (pid 5226) [dns, net, send-data] -> 10.0.2.3:53, send 132B
    execve -> /usr/bin/chmod (pid 5227)
    clone  -> /usr/bin/dash (pid 5228)
Threat name: Linux.Downloader.SAgnt
Status: Malicious
First seen: 2025-11-15 19:10:13 UTC
File Type: Text (JavaScript)
AV detection: 9 of 24 (37.50%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The entries below show additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
Sample: sh 2f8b0e971474e0f90648010e79c5e7aa401f1f4e23440c10a5e09696ce8de3ef (this sample)

Comments