MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 370b62cf0403ebc4bf314d6e1410051e5c5f9cf6bda1a7d08dec65d20883823a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 370b62cf0403ebc4bf314d6e1410051e5c5f9cf6bda1a7d08dec65d20883823a
SHA3-384 hash: 7f840be86d64d0e306e25d74372a2a7ea2aaf8f4e29f92615ad2da7613ced6353dba67988a6b31c21f0248b50e421c64
SHA1 hash: 08e668c46fca6b55bff5506ba87ed188bfed98e5
MD5 hash: 1febf5bd18cf86df63c3d96a5b43b29a
humanhash: river-potato-alanine-uncle
File name:all.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:762 bytes
First seen:2026-02-22 20:02:41 UTC
Last seen:2026-02-23 14:55:19 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 12:YkF1kcClZF70S5x0HFjx0HFwx0HFWeYRBFSGa5FM5gFTZeYRBFSwa5FMDgFTBA1B:ZDkH/Fb5+HFj+HFw+HFWHRBF+FM5gF1D
TLSH T1F701F5862178197036EED8E64B72AC6834C598563F961CF8BEE9A4C784E5C00B7864A9
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://130.12.180.127/huhu/titanjr.n/an/aelf ua-wget

Intelligence

File Origin
# of uploads :
3
# of downloads :
38
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
File Type:
unix shell
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p
Link:
https://opentip.kaspersky.com/370b62cf0403ebc4bf314d6e1410051e5c5f9cf6bda1a7d08dec65d20883823a/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/33841eea-c912-43e7-80a6-82fa6135651e
Behavior Graph:
Download SVG
%3 guuid=1a073476-1900-0000-dead-a6b086080000 pid=2182 /usr/bin/sudo guuid=7cfb2179-1900-0000-dead-a6b091080000 pid=2193 /tmp/sample.bin guuid=1a073476-1900-0000-dead-a6b086080000 pid=2182->guuid=7cfb2179-1900-0000-dead-a6b091080000 pid=2193 execve guuid=3623ab79-1900-0000-dead-a6b094080000 pid=2196 /usr/bin/wget guuid=7cfb2179-1900-0000-dead-a6b091080000 pid=2193->guuid=3623ab79-1900-0000-dead-a6b094080000 pid=2196 execve
Score:
98%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/370b62cf0403ebc4bf314d6e1410051e5c5f9cf6bda1a7d08dec65d20883823a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/370b62cf0403ebc4bf314d6e1410051e5c5f9cf6bda1a7d08dec65d20883823a/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/370b62cf0403ebc4bf314d6e1410051e5c5f9cf6bda1a7d08dec65d20883823a
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2026-02-21 05:34:54 UTC
File Type:
Text (Shell)
AV detection:
7 of 36 (19.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g4fwftyeapv4jpzrjvxbieafdzof7hhwxwq2puen5rs5ecedqi5a._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai antivm botnet credential_access defense_evasion discovery linux persistence
Link:
https://tria.ge/reports/260222-yssrcaf12d/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
Creates a large amount of network flows
Deletes log files
Enumerates active TCP sockets
Enumerates running processes
Modifies init.d
Modifies rc script
File and Directory Permissions Modification
Deletes Audit logs
Deletes journal logs
Deletes system logs
Executes dropped EXE
Mirai
Mirai family
Malware Config
C2 Extraction:
130.12.180.127
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.91
Link:
https://yomi.yoroi.company/submissions/370b62cf0403ebc4bf314d6e1410051e5c5f9cf6bda1a7d08dec65d20883823a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 370b62cf0403ebc4bf314d6e1410051e5c5f9cf6bda1a7d08dec65d20883823a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3783752/
  
Delivery method
Distributed via web download

Comments