MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51b1d643a14b5c081b4a836bb80812e7866811ab8f90cf8ace4744565408d16a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 51b1d643a14b5c081b4a836bb80812e7866811ab8f90cf8ace4744565408d16a
SHA3-384 hash: 86fbb587970742fe8ef4eb42537f4fdec86ef9c4a1aef476be63de683985ae84e09bc144a789ed1b35d7f316c6f21bf4
SHA1 hash: 19bf100cae7a6a8fa9a42d0368ff1918c9b796ac
MD5 hash: a9f753da46e0678e9652f1417378e79a
humanhash: snake-yankee-autumn-london
File name: wget.sh
Signature: Mirai
File size: 1'604 bytes
First seen: 2025-03-07 00:16:56 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:Fgovg3zB7vKhOMcvGbNLvuibW107o946IfpjfJvxcttoE6oW9:iovgDB7vKTcvGJLvuCQ07E5Ixtpk+H9
TLSH: T16331C4C518D1277ECCD9D5257792D0BE606C29C52E2B2EDCE8DE28D8B640A92F064ECD
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 146
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2025-03-07 00:17:21 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:botnet botnet credential_access defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Reads system network configuration
Reads process memory
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Renames itself
Unexpected DNS network traffic destination
Contacts a large (174924) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 51b1d643a14b5c081b4a836bb80812e7866811ab8f90cf8ace4744565408d16a

(this sample)

Comments