MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fedbb85ead1f892dff27348b896ee72a565900039067a9d33f980da7d553a56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3fedbb85ead1f892dff27348b896ee72a565900039067a9d33f980da7d553a56
SHA3-384 hash: ca0b8e21c31a99cf44ac5751a8168e92f129db00d0585ee199fe362260b605dd8fc4175c966baf91b48b77ef85471bdc
SHA1 hash: 35851b0409d3d2561c55ea6cb0b3539a2943b669
MD5 hash: d016537d635e14ccb5d4ece91e54addf
humanhash: rugby-one-mexico-steak
File name:goahead.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:327 bytes
First seen:2025-09-03 04:14:42 UTC
Last seen:2025-09-03 14:02:34 UTC
File type: sh
MIME type:text/plain
ssdeep 3:QnQNFn8Na2ZQII5eEdcgbSoOjVxi8LUTidaSSE8qa4aYeVBwOnQNFn8Na2ZQIIQ9:lswzI9Edcg2EOtFzswzIddcg2xW
TLSH T16EE04FE500548EA4BCC069CF34A58A137423D25E18C56F96EFDC21F6449CC04B852B07
Magika batch
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://139.177.197.168/mpsl73d23e3291eca6018be1e0c85b13aa48e9cd9e36cebcc642cfed72e6fdd8a17f Miraielf mirai
http://139.177.197.168/mips4e589892f95fe0035dbda7f3c189adee300dd94ee2de6bff873822f450080696 Miraielf mirai

Intelligence

File Origin
# of uploads :
2
# of downloads :
39
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BV.Downloader-AEH.54755252.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
File Type:
text
First seen:
2024-04-14T16:45:00Z UTC
Last seen:
2024-04-14T16:45:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/3fedbb85ead1f892dff27348b896ee72a565900039067a9d33f980da7d553a56/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/a9e3a684-b7c8-4fe7-9bee-a5a93f843290
Behavior Graph:
Download SVG
%3 guuid=02e2fd6f-1900-0000-c893-023614090000 pid=2324 /usr/bin/sudo guuid=4bcdf171-1900-0000-c893-023618090000 pid=2328 /tmp/sample.bin guuid=02e2fd6f-1900-0000-c893-023614090000 pid=2324->guuid=4bcdf171-1900-0000-c893-023618090000 pid=2328 execve guuid=e6e62672-1900-0000-c893-02361a090000 pid=2330 /usr/bin/rm guuid=4bcdf171-1900-0000-c893-023618090000 pid=2328->guuid=e6e62672-1900-0000-c893-02361a090000 pid=2330 execve guuid=2f287972-1900-0000-c893-02361c090000 pid=2332 /usr/bin/wget guuid=4bcdf171-1900-0000-c893-023618090000 pid=2328->guuid=2f287972-1900-0000-c893-02361c090000 pid=2332 execve
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/3fedbb85ead1f892dff27348b896ee72a565900039067a9d33f980da7d553a56
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3fedbb85ead1f892dff27348b896ee72a565900039067a9d33f980da7d553a56/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/3fedbb85ead1f892dff27348b896ee72a565900039067a9d33f980da7d553a56
Threat name:
Script.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2024-07-04 04:23:08 UTC
File Type:
Text (Shell)
AV detection:
4 of 38 (10.53%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h7w3xbpk2h4jfx7sonelrfxookswleaahedhvhjt7ganu7kvhjla._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250903-ew3aea1jy2/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3fedbb85ead1f892dff27348b896ee72a565900039067a9d33f980da7d553a56

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3fedbb85ead1f892dff27348b896ee72a565900039067a9d33f980da7d553a56

(this sample)

Mirai

elf 73d23e3291eca6018be1e0c85b13aa48e9cd9e36cebcc642cfed72e6fdd8a17f

  
URLhaus
https://urlhaus.abuse.ch/url/3615968/
  
Delivery method
Distributed via web download
  
Dropping
MD5 2afb82587a0fe4b043e775a45cb94736
  
Dropping
SHA256 73d23e3291eca6018be1e0c85b13aa48e9cd9e36cebcc642cfed72e6fdd8a17f

Comments