MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3865c2b357dc288da29103f62ea755d2100701151cdcd89d321f76e830f3d6a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: 3865c2b357dc288da29103f62ea755d2100701151cdcd89d321f76e830f3d6a3
SHA3-384 hash: 6813eadd92d4296be4e1c808651ed550912317e2f320200842dc90cfbd287a818f9fead8fbc0412ac1dde487cc09f41a
SHA1 hash: 1247b4f3e438620781166082135ac4fbfee0b191
MD5 hash: 2ec697de65823b612ab354b14b950ecf
humanhash: alanine-six-massachusetts-angel
File name: g.sh
Signature: Mirai
File size: 795 bytes
First seen: 2025-07-24 08:43:45 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:NoWBGhBh9Mk8QobepEBkV/I/V7n9qatkk0:NoGGhL8QobVBkVwV7n9qat/0
TLSH: T1D701F14AE58097B0A9820008F3CBD53BB0A743FC166129ACFD0F6E35BA9CC84F461331
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

URL: http://115.187.17.117/mpsl
Malware sample (SHA256 hash): c6fdb738382126b065f348316f4ee1d716ae897c81f51ecc239e81a368905a18
Signature: Mirai
Tags: elf mips mirai ua-wget

URL: http://115.187.17.117/mips
Malware sample (SHA256 hash): 4c83b3de558a5fab6b3b96372f3fb3cdb1829792bf31baa3a960a68e15585cff
Signature: Mirai
Tags: elf mips mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 4846) -> execve -> /tmp/sample.bin (pid 4855)
/tmp/sample.bin (pid 4855) -> execve -> /usr/bin/rm (pid 4870)
/tmp/sample.bin (pid 4855) -> execve -> /usr/bin/busybox (pid 4873) [net send-data write-file]
/tmp/sample.bin (pid 4855) -> execve -> /usr/bin/chmod (pid 5083)
/tmp/sample.bin (pid 4855) -> clone -> /usr/bin/dash (pid 5084)
/tmp/sample.bin (pid 4855) -> execve -> /usr/bin/rm (pid 5088)
/tmp/sample.bin (pid 4855) -> execve -> /usr/bin/busybox (pid 5090) [net send-data write-file]
/tmp/sample.bin (pid 4855) -> execve -> /usr/bin/chmod (pid 5220)
/tmp/sample.bin (pid 4855) -> clone -> /usr/bin/dash (pid 5221)
/usr/bin/busybox (pid 4873) -> send: 81B -> 115.187.17.117:80
/usr/bin/busybox (pid 5090) -> send: 81B -> 115.187.17.117:80

Threat name: Script-BAT.Trojan.Heuristic
Status: Malicious
First seen: 2025-07-24 17:06:16 UTC
File Type: Text (Shell)
AV detection: 6 of 23 (26.09%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh 3865c2b357dc288da29103f62ea755d2100701151cdcd89d321f76e830f3d6a3 (this sample)

Delivery method: Distributed via web download
