MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67386fc509cd12619d6bcf11e55e3bce8b6dbd028f4c474ae8ef0f4a5f6f860f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 67386fc509cd12619d6bcf11e55e3bce8b6dbd028f4c474ae8ef0f4a5f6f860f
SHA3-384 hash: da3bd25e45e05a06bf49e1465151e27c2f6893266692688b0681ed46979126b74838692c6ee47740ac7d048c650dae35
SHA1 hash: e543ddc0e8ce0cec0e01d7fe228b2ea063ee4ab8
MD5 hash: a5b334f1a45b3516d6e69acc52c1a33e
humanhash: fanta-iowa-nebraska-xray
File name: abc3.sh
Signature: Mirai
File size: 982 bytes
First seen: 2025-11-21 22:44:54 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:xf81RfYBgRfYNIIoRfCKSfRfS2Rfel95Rfu9mRfQlRfITlRf8qRf8/A:a1GBg0o8xfQ2295g9mOlGTlSq6/A
TLSH: T1F61184CE09A924799CE8DF8C7079C018BDF4D6D97AA1CBDC5CACA8B362959346D00F4D
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: bash busybox lolbin mirai
Status: terminated
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-11-21 22:45:44 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 67386fc509cd12619d6bcf11e55e3bce8b6dbd028f4c474ae8ef0f4a5f6f860f

(this sample)

  
Delivery method: Distributed via web download
