MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 678574bb5f5220096a721f21941a18be0d437a1b074b763c59fd5b8866e434d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 678574bb5f5220096a721f21941a18be0d437a1b074b763c59fd5b8866e434d4
SHA3-384 hash: 7ccada3cf391dc29ad266e95f2b80409e770ef7af99001fcc176448c10c21396c1eb5375c3fc6c845eb0bc13b3dae0dd
SHA1 hash: 1cf50a6f5013ce62b5d48596a81fc15eb5ab0d19
MD5 hash: 49835568a087d04af4674c3d5d4276d1
humanhash: arkansas-autumn-cold-beryllium
File name: o.xml
Signature: Mirai
File size: 728 bytes
First seen: 2025-07-05 10:33:23 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:FH8ioNJAC7ukxGWi2jU30+0K5+A+GSjR2pkDChpkDoB25ZhG+E6:FH8j/wWi2jzCmS5fXI
TLSH: T1B401F47D91A8CB5249B9C9C7F1F08506C49590CBA2FA57E9F38E09266F28CDE3C5320D
Magika: xml
Reporter: abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://196.251.86.61/00101010101001/morte.x86 | 4fef063a9f02ba436aa8231ae6e68833cc7007d4acd4c911b0742fc6edb7f3e0 | Mirai | mirai opendir

Intelligence


File Origin
# of uploads: 1
# of downloads: 18
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 90.9%
Tags: backdoor mirai agent hype
Verdict: Suspicious
Labeled as: TrojanDownloader/Linux.NetLoader
Status: terminated
Behavior Graph: [sandbox process and network graph, not reproduced]
Threat name: Script-JS.Trojan.Heuristic
Status: Malicious
First seen: 2025-07-05 13:19:22 UTC
File Type: Text
AV detection: 7 of 24 (29.17%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 678574bb5f5220096a721f21941a18be0d437a1b074b763c59fd5b8866e434d4

(this sample)
