MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 394e8923d75fa08a78a11e9c4cfd63dc1e7bde5d1c376c23c9abebf8aa2bd4d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 394e8923d75fa08a78a11e9c4cfd63dc1e7bde5d1c376c23c9abebf8aa2bd4d3
SHA3-384 hash: 1cc151724b0811af4237645b99fc3a85f273880c3689d7f42b77c3d45b05e6b57eae8118086d39230a795f1865856b3f
SHA1 hash: 2ba387995d7b8e6415dee1604612ef8c37770f1b
MD5 hash: 61fdf9e750d9e48081d748d140650d77
humanhash: magazine-golf-mango-winter
File name: c.sh
Signature: Mirai
File size: 910 bytes
First seen: 2025-04-20 14:53:42 UTC
Last seen: 2025-04-24 23:27:58 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:3J3fiVQExCWEQaNI9kxwAQnySKxWHQ4xRI4qKAQI6QGPCQEoeVQ1JeQBx7+cAQfo:3J3KZGNIqyKxW1xWOoPasR
TLSH: T16411C2CD1098ADD65A1FCDC7739D881E6681C6D0E4BB6731F2269D3258CA300F854BE6
Magika: txt
Reporter: abuse_ch
Tags: sh
URL    Malware sample (SHA256 hash)    Signature    Tags

Intelligence


File Origin
# of uploads: 4
# of downloads: 69
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: downloader trojan agent
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-04-20 14:54:12 UTC
File Type: Text
AV detection: 13 of 24 (54.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 394e8923d75fa08a78a11e9c4cfd63dc1e7bde5d1c376c23c9abebf8aa2bd4d3

(this sample)

  
Delivery method: Distributed via web download
