MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6104f3f7e2707ccab32ff8a7f7d9ff57df49c8127eb0cd6f7d977be2d4cb53e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 6104f3f7e2707ccab32ff8a7f7d9ff57df49c8127eb0cd6f7d977be2d4cb53e5
SHA3-384 hash: a4126b1bf0709c495fba7294e7f448b4a9fafd498a963ae40e0a51d833b9a098b5cc0658c703d993bba0dad6ea548db9
SHA1 hash: ff45f57a3f41499f0c7d5037bb485d6de5133ba3
MD5 hash: 0ea532a833c951d4384d03882725fd0c
humanhash: finch-finch-cardinal-ten
File name: nu
Signature: Mirai
File size: 252 bytes
First seen: 2025-10-05 03:46:46 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hfRDiVYs5CYf53IdL4jKF3FoF/HVKhOXqIKXD73IKX+N1IC0q1IKBKW:ZReEYAL4jVFvghsOThFO8W
TLSH: T1F8D05E89B4534C72387888706FEB3894F40F824A5D0AA59A76C91229ABD46907091563
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 52
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Verdict: Malicious
File Type: unix shell
First seen: 2025-10-05T01:39:00Z UTC
Last seen: 2025-10-05T06:05:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 2597) -> /tmp/sample.bin (pid 2607): execve
/tmp/sample.bin (pid 2607) -> /usr/bin/wget (pid 2609; net, send-data, write-file): execve
/tmp/sample.bin (pid 2607) -> /usr/bin/chmod (pid 2672): execve
/tmp/sample.bin (pid 2607) -> /usr/bin/dash (pid 2674): clone
/tmp/sample.bin (pid 2607) -> /usr/bin/rm (pid 2679; delete-file): execve
/usr/bin/wget (pid 2609) -> 109.205.213.5:80: send 141B
Threat name: Script-Shell.Downloader.MiraiB
Status: Malicious
First seen: 2025-10-05 04:10:11 UTC
File Type: Text (Shell)
AV detection: 12 of 37 (32.43%)
Threat level: 3/5
Result
Malware family: n/a
Score: 9/10
Tags: credential_access defense_evasion discovery execution linux persistence privilege_escalation
Behaviour
Reads runtime system information
Writes file to tmp directory
Changes its process name
Reads process memory
Creates/modifies Cron job
Modifies init.d
Modifies rc script
File and Directory Permissions Modification
Executes dropped EXE
Contacts a large (162582) amount of remote hosts
Creates a large amount of network flows
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai sh 6104f3f7e2707ccab32ff8a7f7d9ff57df49c8127eb0cd6f7d977be2d4cb53e5 (this sample)

Delivery method: Distributed via web download
