MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 641fa2d3da1bbd288a0d43e00be4d5f68ad3e61c6039a2f1adcd0be5df0aa188. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 641fa2d3da1bbd288a0d43e00be4d5f68ad3e61c6039a2f1adcd0be5df0aa188
SHA3-384 hash: 3a3d2578eb0635dd3f13902856991417f90ba4921b00ef52d51c03bdaf12a7a0b261c26a3967d187abaad0132cacba3d
SHA1 hash: 187316fbdc905c4db5f0f597b3d24cb37e78206a
MD5 hash: 1b23c9b53e52a879e0de37533ca1cc31
humanhash: hot-uranus-oven-king
File name: smc2
Signature: Mirai
File size: 312 bytes
First seen: 2025-12-05 18:21:10 UTC
Last seen: 2025-12-06 07:23:16 UTC
File type: sh
MIME type: text/plain
ssdeep: 6:LMFt5/XjzbgMFt5/laLaNgp4CgMFt5/pFGNIvF+69gMFt5/nfiAK6isr:othXjzLthlaLaNgpvthSNIE6xthfLK6R
TLSH: T1F5E04CFD406BDF57C1055D09B07AE873B033D7DAA2A1DE07AFC8A43AA198930B132E55
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://213.209.143.64/splarm4 | n/a | n/a | elf ua-wget
http://213.209.143.64/splarm5 | 2a9500af556d33ba63010baf25c7889f3820cfb3ae73bf1e8c9308c6687a3d86 | Mirai | elf mirai ua-wget
http://213.209.143.64/splarm6 | fa9c55993474f595798a26c92346219f18341bc7ac8ead9effa655a2db87a6fe | Mirai | elf mirai ua-wget
http://213.209.143.64/splarm7 | 9fe549c71c620f6572f5c8815dea0d4401af11397444ada0cda8bd2b0fbc1efe | Mirai | censys elf mirai ua-wget

Intelligence


File Origin
# of uploads: 2
# of downloads: 21
Origin country: DE

Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: text
First seen: 2025-12-05T17:00:00Z UTC
Last seen: 2025-12-07T12:20:00Z UTC
Hits: ~10
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-12-05 18:30:34 UTC
File Type: Text (Shell)
AV detection: 10 of 38 (26.32%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download

Mirai

sh 641fa2d3da1bbd288a0d43e00be4d5f68ad3e61c6039a2f1adcd0be5df0aa188 (this sample)
