MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5103ef11f58315ecde61bf306c90eb328c2a2b1d9b2e8d379b52af9ebf271bc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 7

SHA256 hash: 5103ef11f58315ecde61bf306c90eb328c2a2b1d9b2e8d379b52af9ebf271bc8
SHA3-384 hash: fabf44e8ddd01893f6f7ce90256e74fc3edae6723eb88fb56f1f8a99fa34eec335dca80a107662cc01912b179988c536
SHA1 hash: dcd917d5a0c0c99d267f818209960a8d4028c304
MD5 hash: fea9100ce71f635381c53ffb86318b79
humanhash: cat-beryllium-november-princess
File name: tbk
Signature: Mirai
File size: 379 bytes
First seen: 2025-10-07 03:14:10 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SXq8WwfGwAK/w+QAjXq8WoGNIZo+/D0QAjXq8Wya9ya4yT6QAjXq8W878aEL:IdfJAKo+QADENI370QADihZ6QADRovL
TLSH: T1E7E0129EC0101C023104DD80D0AF12B0B61DBDF0C258EE599E4F3E3E638CA103CB8555
Magika: javascript
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://109.205.213.5/kvariant.arm7 | 95c84d2cb01247b415f57c19c291ff83f7f2e5da207db1fe775ae6df6f8414fe | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm6 | 464e01d54829277f90c3a6079e7296056090aff9f57d5b399903470f40628536 | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm5 | b348e5b70ab7e0d8bb74afbd7749daaab6d7becf6854dfc75486a71da1430ab9 | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm | 376ca979cb4140b86393ee85cf7f66f18f5cee9ad886102ac207238e88562c6a | Mirai | elf mirai ua-wget

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-10-07T01:21:00Z UTC
Last seen: 2025-10-07T01:38:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (rendered graph not reproduced; process tree recovered from the graph data):
/usr/bin/sudo (pid 3263) --execve--> /tmp/sample.bin (pid 3270)
/tmp/sample.bin (pid 3270) --execve--> /usr/bin/wget (pids 3272, 3318, 3359, 3405; each tagged net, send-data, write-file)
/tmp/sample.bin (pid 3270) --execve--> /usr/bin/chmod (pids 3315, 3354, 3400, 3446)
/tmp/sample.bin (pid 3270) --clone--> /usr/bin/dash (pids 3316, 3356, 3402, 3449)
The wget, chmod and dash children repeat in four wget/chmod/dash cycles.
Network: each of the four wget processes sends to 109.205.213.5:80 (141 B, 141 B, 141 B, 140 B respectively).
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-10-07 04:22:26 UTC
File Type: Text (JavaScript)
AV detection: 10 of 38 (26.32%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
File type: sh
SHA256 hash: 5103ef11f58315ecde61bf306c90eb328c2a2b1d9b2e8d379b52af9ebf271bc8 (this sample)

Comments