MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 675456c78cb4e8f94b9635cea6e2bb74a488fb6fdd906209e2dd7bcaea50d247. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 675456c78cb4e8f94b9635cea6e2bb74a488fb6fdd906209e2dd7bcaea50d247
SHA3-384 hash: 414a734a1718674aa528c8541dffc4455890d445106b0d25e5f7234ed0ffbf8ea889e7ef87af0581d3ba78b4551f33cc
SHA1 hash: 955b9f402496d2dc59be3a178dd14ad4262815e0
MD5 hash: 1246c230014e39e26a87a80c23cf93d8
humanhash: minnesota-pasta-north-october
File name:ze
Download: download sample
Signature Mirai
Create hunting rule
File size:605 bytes
First seen:2025-12-05 18:23:19 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:sh2AMqFKOhoTwAewRWmOh/nAW1COh/4AJKOh/6NIlABLOh/SaqAXF:enM6c1xWPoW1blJDiNIaBoKuV
TLSH T11BF0316E0307752B422F9D39757557C57032BB4EB007EE8DBC40A63AE2C8DA86052D68
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://213.209.143.64/zermips3f622b288e8182003119ed88145a8c767b94813a364eae2c6e12344c8787ca3e Miraielf mirai ua-wget
http://213.209.143.64/zermpsld601648e9899e851aeed28f8647b34e99568d2db7ec355b1bb006a13ef3193a8 Miraielf mirai ua-wget
http://213.209.143.64/zerarmb1fc3983f0bc36b499b62f9259598228ea731bf8f42662d160d60a1d3927a2c6 Miraielf mirai ua-wget
http://213.209.143.64/zerarm5233b9a33763cb7c63e71edfd6b8d2634c836874c19bd2875af301a33d67b1e23 Miraielf mirai ua-wget
http://213.209.143.64/zerarm618edecb267ed8431bcdf583343016bc4a23a14e99f188d0016b3330d50ce37e4 Miraielf mirai ua-wget
http://213.209.143.64/zerarm7ef12fe69eb0c0ec839cc768a64b74563981254355bfc070aa3f710ef76444447 Miraicensys elf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
31
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive mirai
Link:
https://www.filescan.io/uploads/693325a96019bc7a8f818e84/reports/78a1b030-fa2f-4e6c-847b-c1207c872bdf/overview
Verdict:
Malicious
Labled as:
TrojanDownloader/Linux.Agent
Link:
https://www.hybrid-analysis.com/sample/675456c78cb4e8f94b9635cea6e2bb74a488fb6fdd906209e2dd7bcaea50d247
Verdict:
Malicious
File Type:
text
First seen:
2025-12-05T16:20:00Z UTC
Last seen:
2025-12-07T12:30:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/675456c78cb4e8f94b9635cea6e2bb74a488fb6fdd906209e2dd7bcaea50d247/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/b57fc0f4-65d8-47fb-a98c-b9c2ebb458cc
Behavior Graph:
Download SVG
%3 guuid=e7a3b8de-1800-0000-3d5c-af71bd0a0000 pid=2749 /usr/bin/sudo guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754 /tmp/sample.bin guuid=e7a3b8de-1800-0000-3d5c-af71bd0a0000 pid=2749->guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754 execve guuid=6a60a0e1-1800-0000-3d5c-af71c30a0000 pid=2755 /usr/bin/wget net send-data write-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=6a60a0e1-1800-0000-3d5c-af71c30a0000 pid=2755 execve guuid=831194ea-1800-0000-3d5c-af71cc0a0000 pid=2764 /usr/bin/chmod guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=831194ea-1800-0000-3d5c-af71cc0a0000 pid=2764 execve guuid=e2282beb-1800-0000-3d5c-af71cd0a0000 pid=2765 /usr/bin/dash guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=e2282beb-1800-0000-3d5c-af71cd0a0000 pid=2765 clone guuid=18b208ec-1800-0000-3d5c-af71cf0a0000 pid=2767 /usr/bin/rm delete-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=18b208ec-1800-0000-3d5c-af71cf0a0000 pid=2767 execve guuid=3dd74fec-1800-0000-3d5c-af71d00a0000 pid=2768 /usr/bin/wget net send-data write-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=3dd74fec-1800-0000-3d5c-af71d00a0000 pid=2768 execve guuid=8550e0f0-1800-0000-3d5c-af71de0a0000 pid=2782 /usr/bin/chmod guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=8550e0f0-1800-0000-3d5c-af71de0a0000 pid=2782 execve guuid=ec8556f1-1800-0000-3d5c-af71e00a0000 pid=2784 /usr/bin/dash guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=ec8556f1-1800-0000-3d5c-af71e00a0000 pid=2784 clone guuid=56871af2-1800-0000-3d5c-af71e20a0000 pid=2786 /usr/bin/rm delete-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=56871af2-1800-0000-3d5c-af71e20a0000 pid=2786 execve guuid=b03573f2-1800-0000-3d5c-af71e40a0000 pid=2788 /usr/bin/wget net send-data write-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=b03573f2-1800-0000-3d5c-af71e40a0000 pid=2788 execve guuid=e8fefff6-1800-0000-3d5c-af71ef0a0000 pid=2799 /usr/bin/chmod guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=e8fefff6-1800-0000-3d5c-af71ef0a0000 pid=2799 execve guuid=397049f7-1800-0000-3d5c-af71f10a0000 pid=2801 /usr/bin/dash guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=397049f7-1800-0000-3d5c-af71f10a0000 pid=2801 clone guuid=3716eaf7-1800-0000-3d5c-af71f40a0000 pid=2804 /usr/bin/rm delete-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=3716eaf7-1800-0000-3d5c-af71f40a0000 pid=2804 execve guuid=0a5b21f8-1800-0000-3d5c-af71f60a0000 pid=2806 /usr/bin/wget net send-data write-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=0a5b21f8-1800-0000-3d5c-af71f60a0000 pid=2806 execve guuid=5cd053fc-1800-0000-3d5c-af71fb0a0000 pid=2811 /usr/bin/chmod guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=5cd053fc-1800-0000-3d5c-af71fb0a0000 pid=2811 execve guuid=214d95fc-1800-0000-3d5c-af71fc0a0000 pid=2812 /usr/bin/dash guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=214d95fc-1800-0000-3d5c-af71fc0a0000 pid=2812 clone guuid=c2f71dfd-1800-0000-3d5c-af71ff0a0000 pid=2815 /usr/bin/rm delete-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=c2f71dfd-1800-0000-3d5c-af71ff0a0000 pid=2815 execve guuid=756259fd-1800-0000-3d5c-af71000b0000 pid=2816 /usr/bin/wget net send-data write-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=756259fd-1800-0000-3d5c-af71000b0000 pid=2816 execve guuid=1c79d801-1900-0000-3d5c-af710c0b0000 pid=2828 /usr/bin/chmod guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=1c79d801-1900-0000-3d5c-af710c0b0000 pid=2828 execve guuid=10ff3d02-1900-0000-3d5c-af710e0b0000 pid=2830 /usr/bin/dash guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=10ff3d02-1900-0000-3d5c-af710e0b0000 pid=2830 clone guuid=0bbcd203-1900-0000-3d5c-af71120b0000 pid=2834 /usr/bin/rm delete-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=0bbcd203-1900-0000-3d5c-af71120b0000 pid=2834 execve guuid=15c43a04-1900-0000-3d5c-af71140b0000 pid=2836 /usr/bin/wget net send-data write-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=15c43a04-1900-0000-3d5c-af71140b0000 pid=2836 execve guuid=a2822209-1900-0000-3d5c-af71200b0000 pid=2848 /usr/bin/chmod guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=a2822209-1900-0000-3d5c-af71200b0000 pid=2848 execve guuid=07fd8809-1900-0000-3d5c-af71220b0000 pid=2850 /usr/bin/dash guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=07fd8809-1900-0000-3d5c-af71220b0000 pid=2850 clone guuid=ccfd3e0a-1900-0000-3d5c-af71250b0000 pid=2853 /usr/bin/rm delete-file guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=ccfd3e0a-1900-0000-3d5c-af71250b0000 pid=2853 execve guuid=7a4a8c0a-1900-0000-3d5c-af71270b0000 pid=2855 /usr/bin/rm guuid=d1bb43e1-1800-0000-3d5c-af71c20a0000 pid=2754->guuid=7a4a8c0a-1900-0000-3d5c-af71270b0000 pid=2855 execve b3bc708e-8ccc-5219-9688-8bb7f25e7035 213.209.143.64:80 guuid=6a60a0e1-1800-0000-3d5c-af71c30a0000 pid=2755->b3bc708e-8ccc-5219-9688-8bb7f25e7035 send: 136B guuid=3dd74fec-1800-0000-3d5c-af71d00a0000 pid=2768->b3bc708e-8ccc-5219-9688-8bb7f25e7035 send: 136B guuid=b03573f2-1800-0000-3d5c-af71e40a0000 pid=2788->b3bc708e-8ccc-5219-9688-8bb7f25e7035 send: 135B guuid=0a5b21f8-1800-0000-3d5c-af71f60a0000 pid=2806->b3bc708e-8ccc-5219-9688-8bb7f25e7035 send: 136B guuid=756259fd-1800-0000-3d5c-af71000b0000 pid=2816->b3bc708e-8ccc-5219-9688-8bb7f25e7035 send: 136B guuid=15c43a04-1900-0000-3d5c-af71140b0000 pid=2836->b3bc708e-8ccc-5219-9688-8bb7f25e7035 send: 136B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/675456c78cb4e8f94b9635cea6e2bb74a488fb6fdd906209e2dd7bcaea50d247
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/675456c78cb4e8f94b9635cea6e2bb74a488fb6fdd906209e2dd7bcaea50d247/
Threat name:
Linux.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-05 18:34:24 UTC
File Type:
Text (Shell)
AV detection:
17 of 37 (45.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m5kfnr4mwtupss4wgxhknyv3ossir63p3wigecpc3v54v2sq2jdq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251205-w7x89sep4z/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/675456c78cb4e8f94b9635cea6e2bb74a488fb6fdd906209e2dd7bcaea50d247

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 675456c78cb4e8f94b9635cea6e2bb74a488fb6fdd906209e2dd7bcaea50d247

(this sample)

Mirai

elf 2e551fe146561dda89f65b47c1e79e7eb7a5a99ca8889d7dbfede5928250ae6c

  
URLhaus
https://urlhaus.abuse.ch/url/3726466/
  
Delivery method
Distributed via web download
  
Dropping
MD5 df11ff201416700699973469c346e680
  
Dropping
SHA256 2e551fe146561dda89f65b47c1e79e7eb7a5a99ca8889d7dbfede5928250ae6c
  
URLhaus
https://urlhaus.abuse.ch/url/3727669/

Comments