MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b6fb86356d15f3b52f09bdcb433ce34f643e6f4f6d492711f4c8dcac8ac7aec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 3b6fb86356d15f3b52f09bdcb433ce34f643e6f4f6d492711f4c8dcac8ac7aec
SHA3-384 hash: c4ca25ebdb9023a497adbfefcb2a9075643c7fe06470ce7ff17224cc59d0aa6b84b7aa785e6eb9a2b0bb8b753d272c89
SHA1 hash: e13476e371f745fc454d91a093acebce65dc252f
MD5 hash: f457b4665b737926fd18ed4d12a2da2c
humanhash: juliet-neptune-iowa-undress
File name: x
Signature: Mirai
File size: 128 bytes
First seen: 2025-12-22 16:41:01 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:haX+v1FjX+v73VZv+vaGN3zSTASUKoS0/eXIFIXWX+v1Fg:WGrk3mSaqA54X4IXQGg
TLSH: T181B0926A07033D03807DDC3A32B10FCC74257B4D144B3B883CC3406FD0845C42268914
Magika: txt
Reporter: abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://130.12.180.64/zerarm7 | edb3da9359391a4da13cdee8c03d9051b21ca12124f2f2456945437b4f191740 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: text
First seen: 2025-12-22T14:43:00Z UTC
Last seen: 2025-12-22T15:01:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 2026) -> /tmp/sample.bin (pid 2033) [execve]
/tmp/sample.bin (pid 2033) -> /usr/bin/rm (pid 2034) [execve]
/tmp/sample.bin (pid 2033) -> /usr/bin/rm (pid 2036) [execve]
/tmp/sample.bin (pid 2033) -> /usr/bin/wget (pid 2037) [execve; net, send-data, write-file]
/tmp/sample.bin (pid 2033) -> /usr/bin/chmod (pid 2048) [execve]
/tmp/sample.bin (pid 2033) -> /usr/bin/dash (pid 2050) [clone]
/tmp/sample.bin (pid 2033) -> /usr/bin/rm (pid 2054) [execve; delete-file]
/tmp/sample.bin (pid 2033) -> /usr/bin/rm (pid 2057) [execve]
/usr/bin/wget (pid 2037) -> 130.12.180.64:80 [send: 135B]
Threat name: Text.Browser.Generic
Status: Suspicious
First seen: 2025-12-22 16:42:43 UTC
File Type: Text (Shell)
AV detection: 2 of 24 (8.33%)
Threat level: 4/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 3b6fb86356d15f3b52f09bdcb433ce34f643e6f4f6d492711f4c8dcac8ac7aec (this sample)

Delivery method: Distributed via web download
