MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62a5ee263367bdad9a7cb62054a8b4b0b192106bd2c0a31bc571876887d182d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 5

SHA256 hash: 62a5ee263367bdad9a7cb62054a8b4b0b192106bd2c0a31bc571876887d182d2
SHA3-384 hash: 3699e4ac27aa3fdfe8dc33835c180d723df614379aede609b6da5ad12a8f7831497a6e4f734c982514b87c4e20958a40
SHA1 hash: 9a7dd6548b4d84d0017dde42dfe7b2b61964cdf3
MD5 hash: c6c2027bc2bd9350a8c0b635649b8190
humanhash: football-mexico-west-high
File name: load.sh
Download: download sample
Signature: Mirai
File size: 878 bytes
First seen: 2025-10-20 01:12:14 UTC
Last seen: 2025-10-20 12:05:49 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:BFXFEuPx0rLo2FXPx0rLokEFBBPx0rLozjFiaPx0rLHq:BFVEQ+Qif+QDv+Qd/+Pq
TLSH: T1F0115ACA5024A33C18CCF91E21728729A04B65B675D71E69D2DC39327509E6CF8E9F2D
Magika: shell
Reporter: abuse_ch
Tags: sh
Related URLs (URL, malware sample SHA256 hash, signature, tags):

URL: http://192.142.10.111/d/xd.x86_64
  Malware sample (SHA256 hash): 27de02b9ede26835418ab8357b97d0e5f73d81d3f31e585c8fef28579d1d78a5
  Signature: Mirai
  Tags: elf geofenced mirai ua-wget USA x86

URL: http://192.142.10.111/d/xd.mips
  Malware sample (SHA256 hash): 1450edb85addb9d3b48f93b5350bf2fb22f980a569bf2400e6d1f0ed6125d790
  Signature: Mirai
  Tags: mirai opendir

URL: http://192.142.10.111/d/xd.arm
  Malware sample (SHA256 hash): 435ca810ac4e8c89c3f15e4ce14025bc8016ec51e651cefd837bd57dcedcec4c
  Signature: Mirai
  Tags: mirai opendir

URL: http://192.142.10.111/d/xd.mpsl
  Malware sample (SHA256 hash): a2d1925fc5c2e1c28ad5940c6ba68b8998cd4481c1ab909b29a4466333f7d974
  Signature: Mirai
  Tags: mirai opendir

Intelligence

File Origin
# of uploads: 2
# of downloads: 66
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-10-19T23:25:00Z UTC
Last seen: 2025-10-20T01:17:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree recovered from the rendered graph):
  /usr/bin/sudo (pid 2318)
    -> execve /tmp/sample.bin (pid 2323)
       -> execve /usr/bin/wget (pid 2325): net, send-data, write-file; sends 140 B to 192.142.10.111:80
       -> execve /usr/bin/chmod (pid 2337)
       -> execve /tmp/.b (pid 2339): net; connects to 8.8.8.8:53
          -> clone /tmp/.b (pid 2340): zombie
          -> clone /tmp/.b (pid 2341): net, send-data, zombie; sends 160 B to 8.8.8.8:53 and 9 B to 192.142.10.111:9507
             -> clone /tmp/.b (pid 2343)
             -> clone /tmp/.b (pid 2344)
             -> clone /tmp/.b (pid 2346): net, net-scan, send-data; connects to 8.8.8.8:53; send-data to 4097 IP addresses (review logs to see them all)
       -> execve /usr/bin/rm (pid 2342): delete-file
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-10-20 01:13:26 UTC
File Type: Text (Shell)
AV detection: 5 of 24 (20.83%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
Sample: sh 62a5ee263367bdad9a7cb62054a8b4b0b192106bd2c0a31bc571876887d182d2 (this sample)

Comments