MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 512f579b80c4bd3a4ec1af437e49eae80fa64836bc3927dc9efaf9500e99e08a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 512f579b80c4bd3a4ec1af437e49eae80fa64836bc3927dc9efaf9500e99e08a
SHA3-384 hash: 0ea3c9167475c073065f98b86f3eea6738fa5a7a09b8a79cc40f7c1961479f32c97656cde9a5a08fefa2234667a04af5
SHA1 hash: ff30de891e39b136733ab128c1394c5b8512401e
MD5 hash: 1cd290547ce5507f04eb8967c617f598
humanhash: kilo-green-oven-december
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'041 bytes
First seen:2025-08-04 11:18:17 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:01x+VtcArE+VVNI+3BEA+VGTKRiH+V5NZIq+VIQi+V3TNPcw+Vbg+VFB0KA+VJzr:vNI6RKBN++Cc434xn
TLSH T127116DFF17E15807813C8FD630A99610A24A82C3E5AC4FB965989C3B6DC8A14F049F1F
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.116.34/bins/morte.arma1fa785a37fd03276effde035c81addd23415dfa8ab4ccce30e7deb806d3bb24 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.arm54dcdfc88ddee2531c6caee9c75192843af953b42845654a86937ae82df6072ee Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.arm62ce39c00011d45b712f7310b3d3738c592edcb581b981010f37ddb3853dfdbd9 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.arm7d91ec037d4a3bd3da8068121fd9d0447dd5eb7549051e7122b5d217cdb46af81 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.m68kbec7cd4fd3d3921bcb4b581fb9474610cd702b70f5f93d91bc0ee424cfc94dda Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.mipsd17de3b065d524a85522d7ed5ab4b15575407c438be1ee5f892445b9148963bd Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.mpsl815ba825cad23a8791a89ce794d1df9048133a152c2b37ed05066b2d8c6a68e9 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.ppcaca86d90aef3a6b4ad4c0bab0bcac9b306e0f3db025b06735ece832013d40c11 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.sh4921022e867133faf030885d2a04b10224417a897c499cd4ee2481ae9c9cd4cb6 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.spc8f7c1622b81de5ba394145552b33b51e86a009392f7884408ba0507ea148b841 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.x86e41cf98b55686fca887f880de8ebb0d6b05e6b26649b0d95a59729081ac709f5 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.x86_64623a439ec19f826bdd9cd68d00e38279d60b5ccd8f6fab633b1c6e84207c75a1 Miraielf mirai opendir ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
31
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/689097089dbaf6e4b2217609/reports/9f2907e7-b89a-4294-b7a9-337e3f57c181/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/512f579b80c4bd3a4ec1af437e49eae80fa64836bc3927dc9efaf9500e99e08a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/512f579b80c4bd3a4ec1af437e49eae80fa64836bc3927dc9efaf9500e99e08a/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/512f579b80c4bd3a4ec1af437e49eae80fa64836bc3927dc9efaf9500e99e08a
Threat name:
Win32.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2025-08-04 11:18:25 UTC
File Type:
Text (Shell)
AV detection:
13 of 38 (34.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kexvpg4ays6tutwbv5bx4spk5ah2msbwxq4spxe67l4vaduz4cfa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250804-nef6aa1qs6/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/512f579b80c4bd3a4ec1af437e49eae80fa64836bc3927dc9efaf9500e99e08a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 512f579b80c4bd3a4ec1af437e49eae80fa64836bc3927dc9efaf9500e99e08a

(this sample)

Mirai

elf b9f837260f33f795ed8441f7a233c7c7a6f4eb735a70e3b3411a7385f25c7ab0

Mirai

elf a1fa785a37fd03276effde035c81addd23415dfa8ab4ccce30e7deb806d3bb24

  
URLhaus
https://urlhaus.abuse.ch/url/3586691/
  
Delivery method
Distributed via web download
  
Dropping
MD5 a2f2aec5e15b7c4beb73a49781e1b2bb
  
Dropping
SHA256 a1fa785a37fd03276effde035c81addd23415dfa8ab4ccce30e7deb806d3bb24

Comments