MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f3d8e3e89ebc103025720ca5add4be241e4104fa439cc61bb8badab9f53df14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 3f3d8e3e89ebc103025720ca5add4be241e4104fa439cc61bb8badab9f53df14
SHA3-384 hash: 7cc61a0d28a53c792948eb1a4e0222bc46530c33f03838c80e79f95a0a0152b1c8a7bae9ba4895a5a9f77cb582c92080
SHA1 hash: fabf055156bc8367b86ca9c59e91e10a0626cf78
MD5 hash: 2836f3de363077231102d953e196bd20
humanhash: batman-monkey-skylark-delaware
File name: wget.sh
Signature: Mirai
File size: 909 bytes
First seen: 2025-01-31 14:11:39 UTC
Last seen: 2025-01-31 15:59:49 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:wviV+bUxCWE+bKNI9kxwA+b3ySKxWH+XfyF+XyPC+XooeV+06+ExRI4qKA+xJe+C:5PoNIqAKxfL6oy1xZKRxn
TLSH: T15211BF8D221896C4081ECDC3359D8E14434A87D0B5BCEFB9BD840C338C99501B88CFEB
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: downloader mirai agent virus

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: bash lolbin remote

Result
Verdict: UNKNOWN

Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2025-01-31 14:12:05 UTC
File Type: Text (Shell)
AV detection: 13 of 38 (34.21%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 3f3d8e3e89ebc103025720ca5add4be241e4104fa439cc61bb8badab9f53df14 (this sample)

Delivery method: Distributed via web download
