MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 610bae0a6f718b481455e6a3ba8667dfac2a463a24d6ba669831630fe323b38f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 610bae0a6f718b481455e6a3ba8667dfac2a463a24d6ba669831630fe323b38f
SHA3-384 hash: 2280b016f249ea0d50c6f46397a2eb8eebef4b0a5b64d99f45eab87593525cf3c3825c713d619d09487f1a770f6a9df1
SHA1 hash: 2de04d0d15cfd67f928cee559080028bd72895c7
MD5 hash: 6b9044c79b8dff92c4bf11fa5c69bba2
humanhash: beer-magnesium-steak-echo
File name: cr.sh
Signature: Mirai
File size: 1'053 bytes
First seen: 2025-10-02 05:37:13 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:3J3HoHoaNHWNIQhH7vKgHZTH9HKE1xHgLHuTHMHueHJoUn:3J3lNIgKwHujoUn
TLSH T1ED1174F82065512B3704AF11B0EA94396CB7FAE2A0769DF4A07FE42351DB6D03722E75
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 41
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: text
First seen: 2025-10-02T04:01:00Z UTC
Last seen: 2025-10-02T06:50:00Z UTC
Hits: ~10
Status: terminated
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-02 05:44:35 UTC
File Type: Text
AV detection: 12 of 36 (33.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 610bae0a6f718b481455e6a3ba8667dfac2a463a24d6ba669831630fe323b38f

(this sample)
