MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42d73476e774e72a70393d7f0fa7eeaba18ab428a87e2aa5f73d16ce9db7516c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 42d73476e774e72a70393d7f0fa7eeaba18ab428a87e2aa5f73d16ce9db7516c
SHA3-384 hash: eb9d8f333a23be24df1d525d88c8f687246dbc6081764883181411b4ce591e9eb6bc3336bda999c048b57da1d0df74ed
SHA1 hash: ba79a4e9149fd59bfae2f9c5caa290083ef6d934
MD5 hash: cd5abb2027d096aa2f6a20f572adb3fd
humanhash: michigan-undress-video-angel
File name: so
Signature: Mirai
File size: 1'007 bytes
First seen: 2025-12-05 18:21:37 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:XFgXYaFfHYaF6YaFxYaFsRdYaFNYaF5eYaF4eYaFTYaFyXYaFQ9Yy:XhamavasaioaEaBaKaeakoa5y
TLSH: T16511337D030EA9A9808DE83A7295C30CB0A24FCE347787455C49617C70F05DF7272D1A
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 29
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Verdict: Malicious
Labeled as: Trojan[Downloader]/Shell.Agent

Verdict: Malicious
File Type: unix shell
First seen: 2025-12-05T16:42:00Z UTC
Last seen: 2025-12-06T19:54:00Z UTC
Hits: ~10

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-12-05 18:32:31 UTC
File Type: Text (Shell)
AV detection: 19 of 38 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 42d73476e774e72a70393d7f0fa7eeaba18ab428a87e2aa5f73d16ce9db7516c (this sample)

Delivery method: Distributed via web download
