MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f0c792386ee0dd77abde242365d89dfc7dd38ea396e4683518f84a4c6981ce4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 3f0c792386ee0dd77abde242365d89dfc7dd38ea396e4683518f84a4c6981ce4
SHA3-384 hash: a0f887c7ec22af036e65ca8994367eb56b1a02f72c616843ff7fbdbece9d3fac68d89c13ae54383651152954979ddfed
SHA1 hash: f1d2f35f2ef582dfce1e3efb73867a4da972b1e7
MD5 hash: bddb0ea998c9fd6227ae6e5352005e7c
humanhash: tennessee-harry-harry-hamper
File name: c.sh
Signature: Mirai
File size: 577 bytes
First seen: 2025-12-06 22:46:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:xnRx6Vnzo6nSNIjlT09nfiKl2YVn+6nS9ona0on4hmv:hRx61zhSNIpIKKljXSqs4wv
TLSH: T17DF0A4EC0626596303548E85A521C08FE002F1C26B312F4DDE3AF1AD9CE929A3418F97
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://134.195.137.83/bins/parm | caee3441f0840d7b0126d59334fb25f1937e07593d5938256c612b98573aa1b6 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://134.195.137.83/bins/parm5 | 8d3e28443656b7f48f0e93860ef4cc2fff2d26655b3111471848b31c4754b607 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://134.195.137.83/bins/parm6 | 5516d5ad3fa27a731bc01048569569d6ae0cf27adea9e928c4cbebad9f83c603 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://134.195.137.83/bins/parm7 | 93d4e5a6f7e74123c34f870fe80bf83e49c947b1975bdf67ca387c144a24e808 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://134.195.137.83/bins/psh4 | 51f53a336067786c468be23174b5490e0af7b75cdb2394dc6861943bbaa6a842 | Mirai | elf geofenced mirai opendir SuperH ua-wget USA
http://134.195.137.83/bins/pmips | c09b404a9bef4f1064ad1dc0f8c506feeaf7c9fcfed58cd97e3476a4039dc8be | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://134.195.137.83/bins/pmipsel | n/a | n/a | elf ua-wget
http://134.195.137.83/bins/px86 | 2110ac3ba62dacb2cef11e45729af627d7d938e58fd120831b17071e250bd990 | Mirai | elf geofenced mirai opendir ua-wget USA x86

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: ps1
First seen: 2025-12-06T20:11:00Z UTC
Last seen: 2025-12-06T20:38:00Z UTC
Hits: ~10
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2025-12-06 22:47:19 UTC
File Type: Text (Shell)
AV detection: 6 of 36 (16.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments