MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 374309fde2f1d07ff68ce63abf18de587cf4084f3e731b66c417a16b605cddae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 374309fde2f1d07ff68ce63abf18de587cf4084f3e731b66c417a16b605cddae
SHA3-384 hash: 8f33bcd916cd73a38ea24a8bd5b12785f2208591ef01ec96866bac73302bd46236a0e07cdf7e7d7e6b3c173c2ca2e717
SHA1 hash: 0c69fce5322d62436f8c576ad2da0d45f7668447
MD5 hash: 19be5d759bacc6b25c836dde68a252a0
humanhash: eighteen-may-zulu-green
File name: d
Signature: Mirai
File size: 385 bytes
First seen: 2025-09-18 21:46:22 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SXq8WwfGwAK/wCJPRq8WoGNIZo+/cJPRq8Wya9ya4yCJPRq8W878aCXJy:IdfJAKoCDENI3EDihYDRo/U
TLSH: T1A2E0129EC0145C023204DE84D06F06B0761DECB0C258EA4BDA5F7F3D678C60038BD684
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://109.205.213.5/kvariant.arm7 | 95c84d2cb01247b415f57c19c291ff83f7f2e5da207db1fe775ae6df6f8414fe | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm6 | 464e01d54829277f90c3a6079e7296056090aff9f57d5b399903470f40628536 | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm5 | b348e5b70ab7e0d8bb74afbd7749daaab6d7becf6854dfc75486a71da1430ab9 | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm | 376ca979cb4140b86393ee85cf7f66f18f5cee9ad886102ac207238e88562c6a | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 49
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-09-18T19:34:00Z UTC
Last seen: 2025-09-18T19:34:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 2475) -> execve -> /tmp/sample.bin (pid 2480)
/tmp/sample.bin (pid 2480) -> execve -> /usr/bin/wget (pids 2482, 2556, 2611, 2658): net, send-data, write-file
/tmp/sample.bin (pid 2480) -> execve -> /usr/bin/chmod (pids 2549, 2606, 2654, 2692)
/tmp/sample.bin (pid 2480) -> clone -> /usr/bin/dash (pids 2551, 2608, 2655, 2694)
/usr/bin/wget (pids 2482, 2556, 2611) -> 109.205.213.5:80, send: 141B each
/usr/bin/wget (pid 2658) -> 109.205.213.5:80, send: 140B

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2025-09-18 22:10:56 UTC
File Type: Text (JavaScript)
AV detection: 8 of 38 (21.05%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
