MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51f965c0203a0d2788b37e8b51f840d295c5dc63b2846969fe9fd3ea4778a1ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5



SHA256 hash: 51f965c0203a0d2788b37e8b51f840d295c5dc63b2846969fe9fd3ea4778a1ca
SHA3-384 hash: d59205759fae24f40540e6bbea82f03705eea88697291b13344b1a60df7ce81cf6b2a8ffccfa2db6006db0a6fdbfb21b
SHA1 hash: 05a4d8684aa74d2f699bc61fad55d839ac1f82d4
MD5 hash: 007b993638ea593123a9de564acc4707
humanhash: eleven-william-tango-aspen
File name: pdvr
Signature: Mirai
File size: 267 bytes
First seen: 2025-07-05 13:09:09 UTC
Last seen: 2025-07-05 18:42:34 UTC
File type: sh
MIME type: text/plain
ssdeep: 3:hV/muU3/IfDSIQ1RsLAXuU3/IVKzSIOUauU3/IhNIOSIHK+uF+0uU3/I3GN3zSIm:z/nU3TsLFU36mU3iNIl50U3Ka0LKieo
TLSH: T17ED08CAC32210AF748598EA3F03384D0603DE0CCA0B48B59798F04FE0DA26807414B05
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://185.208.158.140/arm | 8271f1f986b352fff15ea4a77cc5fec53c1d9dcca742d4a9c9d2ab6891eab18a | Mirai | elf gafgyt mirai ua-wget
http://185.208.158.140/arm5 | 575ef1a01819dd1f1c2c0fb09b0001725599230fc4ce03d197b52751ff85a341 | Mirai | elf mirai ua-wget
http://185.208.158.140/arm6 | 6402c8ac9e7bcc47f493ed249ef2b5a0e1b0b317e0dbd8012b61d3507c67fd0e | Mirai | elf mirai ua-wget
http://185.208.158.140/arm7 | 37d405a2afcd051f24faa7d536ac292e28148575a2ee02766b92046f413a3c57 | Mirai | elf mirai ua-wget

Intelligence

File Origin
# of uploads: 2
# of downloads: 16
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Behavior Graph: (process graph omitted; the sandbox recorded /tmp/sample.bin, launched via /usr/bin/sudo, spawning /usr/bin/rm, /usr/bin/wget, /usr/bin/chmod and /usr/bin/dash in repeated rounds, with the wget processes sending 133-134 bytes each to 185.208.158.140:80 and writing files)
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-07-05 13:02:54 UTC
File Type: Text (Shell)
AV detection: 8 of 37 (21.62%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Mirai | sh 51f965c0203a0d2788b37e8b51f840d295c5dc63b2846969fe9fd3ea4778a1ca (this sample)

Delivery method: Distributed via web download

Comments