MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 531279abcddc187ad6309acfb31836e70bf736453e5eab22879d3b1249e76503. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: 531279abcddc187ad6309acfb31836e70bf736453e5eab22879d3b1249e76503
SHA3-384 hash: df1d3beaac2ce4c4717c0c3dea7dd4e3af450cc95537bbd1e2a9ae0cd91356a1b016e6b2a5095197a80a7945b66653b9
SHA1 hash: 96e223244179895c34999b0cdc7dfe40c94987e4
MD5 hash: dc98461c0fe76173ffe836640a066306
humanhash: timing-sixteen-iowa-xray
File name: go.sh
Signature: Mirai
File size: 2'110 bytes
First seen: 2025-11-27 07:28:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 48:SOjn6fofvtE46fofcrUfofWjoKYfof5LSfof0f8fofVHGfof4LMfof0G4Wfofhpq:SOjnYofvt1YofcrGofWjnKof5Lwof0f2
TLSH T1094192EF106220772989CF94F773D854A51D66D22DD3CE4D7CB8186B917BC1CE948AC8
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox mirai
Result
Gathering data
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 531279abcddc187ad6309acfb31836e70bf736453e5eab22879d3b1249e76503

(this sample)

  
Delivery method: Distributed via web download
