MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 545886805ffe657a86bf19523863886f497f7157692bc23e73ca323fa47a39e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 545886805ffe657a86bf19523863886f497f7157692bc23e73ca323fa47a39e2
SHA3-384 hash: d1f8cf9c55701268c98ae18cc3d5ac8503c14919f697c1d3ea3c8f4da648de3a187fb4745627952753558a29d8486e17
SHA1 hash: c9928156af84f24465907f6efe813e26196440c2
MD5 hash: 1b366dae68c9387a0ad5a04331bae56d
humanhash: purple-solar-pennsylvania-pluto
File name: c.sh
Signature: Mirai
File size: 1'045 bytes
First seen: 2025-03-27 20:33:20 UTC
Last seen: 2025-03-28 15:20:59 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:bzWPgzWNzWL1DzWp2zWFdzWoizWzzWR+WzW9zWWvgdLqyzWLzWUSv:bz7zUzwDzJzmz1izoz5WzYz9KrzOzxSv
TLSH: T1E611A2DE01D7A45AC135DD9032B1D8D9A10A82C3F6476981ED633E08EAE1E58783AE43
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 88
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Document-HTML.Hacktool.Heuristic
Status: Malicious
First seen: 2025-03-27 20:34:16 UTC
File Type: Text (Shell)
AV detection: 3 of 24 (12.50%)
Threat level: 1/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai
sh 545886805ffe657a86bf19523863886f497f7157692bc23e73ca323fa47a39e2 (this sample)

Delivery method: Distributed via web download
