MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a64045f8f9e2fd7bdc33d448b36d023d2fd97f9efc1d6d3647d1965ae0d5e9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 3a64045f8f9e2fd7bdc33d448b36d023d2fd97f9efc1d6d3647d1965ae0d5e9e
SHA3-384 hash: 3aa4f27cba31922209c463770388668f87db47e43e846c96a7d891d16919591a1a210f78a7311017992b4abf1086ea93
SHA1 hash: 19170a8b3eb64ea28f63586d84af0de3dbcb55b5
MD5 hash: ac1758f544243a03414600559bced44f
humanhash: vermont-floor-jig-apart
File name: toto
Signature: Mirai
File size: 2'309 bytes
First seen: 2025-08-17 15:54:49 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:TJNi4wh3G1949Q9Y9M91AFgW9ptEIcsGkL6L8qSL8qli8qWF8qV5:lNi2QYwECFZ9f5DGLWLpiCFp5
TLSH: T1604128EF1361B5F42981CCDAF6630A38DA49E5E30CC20D6CF99D95525ADCD5C7024DD0
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE

Vendor Threat Intelligence
Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2025-08-17 18:54:30 UTC
File Type: Text (Shell)
AV detection: 8 of 24 (33.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
