MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37d98ab4a7615caa8e54c667852d73a6e1bbd07ea9cb5758fbb02202cf5e3d84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 37d98ab4a7615caa8e54c667852d73a6e1bbd07ea9cb5758fbb02202cf5e3d84
SHA3-384 hash: 530df0608dbe6454ad699417016b9ff4bc3e4c9c0cae448507f1939e42a9f7d58bcf86aa87246108b3401279bf493150
SHA1 hash: c21ced9f498f814b402318f012a37a5dad35e72e
MD5 hash: 55d4e055bfbab966303e75e72c9be3e2
humanhash: timing-apart-network-fifteen
File name: w.sh
Signature: Mirai
File size: 1'114 bytes
First seen: 2025-11-27 10:25:17 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:qlUSsVUUNIOOAU1NK4HUFEUbUWTDkwUesHULKAUSvHUCcAUAHAUR:qW2UNIf7K97IWTDk1l0+lPCgGHR
TLSH: T1E62129DE3799D402DF2D4EC43075881AA28D86E077250B88F6AD44F769DEB1D7329E0B
Magika: asm
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-11-27T08:19:00Z UTC
Last seen: 2025-11-27T08:32:00Z UTC
Hits: ~10
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-11-27 10:23:50 UTC
File Type: Text (Shell)
AV detection: 14 of 36 (38.89%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
