MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6667c4b3ed4e73b0cd3638d00f80dd4bd25038fdfb8afd16fb75314d5ef67131. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 6667c4b3ed4e73b0cd3638d00f80dd4bd25038fdfb8afd16fb75314d5ef67131
SHA3-384 hash: fe76f9b9410a590d92a4528d1a392de8e147d153b28c36f3b7af8accf1a11fa8e0332c79467c8f060e4eb6ac44eb0069
SHA1 hash: 8780e3db00cd94d1b61ecb2a133a40b27252f758
MD5 hash: a285aa35bfe007aedce959fd65c42301
humanhash: black-artist-texas-bravo
File name: 5
Signature: Mirai
File size: 4'709 bytes
First seen: 2025-06-19 15:36:34 UTC
Last seen: 2025-08-02 23:20:53 UTC
File type: sh
MIME type: text/plain
ssdeep: 96:1xER+vREGcPaX4kNstCft4GgrWXmcGRX5f/JYMSV:HzXLNstCft+rWXm7XxKxV
TLSH: T17EA1B0C93E621277CE549F2AE716C52F3C4A90D0C1208FF5286A70BC7CBBD44EB61566
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: DE

Vendor Threat Intelligence

Status: terminated

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-06-15 11:44:02 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
