MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6837e6c32476d43bea7a9dc5fddd02c16138b2b2002eec123f48a8dbf5562afe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6837e6c32476d43bea7a9dc5fddd02c16138b2b2002eec123f48a8dbf5562afe
SHA3-384 hash: 26eb0b6d883419c074ec06a7e3800fd6a07dd67894ef1ca85c768a48fe8fb48b363f11f57a4db3baba894f372f949057
SHA1 hash: c08ba3f76e06c3c115bd45a61ec7023d1ebd7211
MD5 hash: 7649eba961fc0aaab744fd9a9e0206bd
humanhash: sink-comet-michigan-kitten
File name:6837e6c32476d43bea7a9dc5fddd02c16138b2b2002eec123f48a8dbf5562afe
Download: download sample
Signature Mirai
Create hunting rule
File size:694 bytes
First seen:2026-05-13 11:00:17 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 12:VNZD1dC3zHHMyZK1gzoMBzN2fNiF9fNagNSN5A0a/NmzmRsUd3FL0R:VNt1I3DMH16NkN6xNagNSNe0a/NKu/dm
TLSH T1A30194E7F519E222F5444E78E78E315370827C1B9464CE0C34C0B4555D5EE5CE413726
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter c2hunter
Tags:mirai sh wraith

Intelligence

File Origin
# of uploads :
1
# of downloads :
47
Origin country :
US US
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.DownLoader.2650.20047.32519.UNOFFICIAL
Create hunting rule

Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6a0459ea2fcb905ec29429ed/reports/b748e3cd-fd26-4a1f-ac82-e8e79d602991/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-05-13T08:07:00Z UTC
Last seen:
2026-05-14T21:54:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p
Link:
https://opentip.kaspersky.com/6837e6c32476d43bea7a9dc5fddd02c16138b2b2002eec123f48a8dbf5562afe/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/b07f52bb-52bc-49da-966d-beed359ab005
Behavior Graph:
Download SVG
%3 guuid=62f01505-1700-0000-792b-ce84e70d0000 pid=3559 /usr/bin/sudo guuid=8932f106-1700-0000-792b-ce84ee0d0000 pid=3566 /tmp/sample.bin guuid=62f01505-1700-0000-792b-ce84e70d0000 pid=3559->guuid=8932f106-1700-0000-792b-ce84ee0d0000 pid=3566 execve guuid=02c5d607-1700-0000-792b-ce84f10d0000 pid=3569 /usr/bin/bash guuid=8932f106-1700-0000-792b-ce84ee0d0000 pid=3566->guuid=02c5d607-1700-0000-792b-ce84f10d0000 pid=3569 clone guuid=4dc15d08-1700-0000-792b-ce84f40d0000 pid=3572 /usr/bin/wget net send-data write-file guuid=8932f106-1700-0000-792b-ce84ee0d0000 pid=3566->guuid=4dc15d08-1700-0000-792b-ce84f40d0000 pid=3572 execve guuid=8497524b-1700-0000-792b-ce84a40e0000 pid=3748 /usr/bin/chmod guuid=8932f106-1700-0000-792b-ce84ee0d0000 pid=3566->guuid=8497524b-1700-0000-792b-ce84a40e0000 pid=3748 execve guuid=d335d84b-1700-0000-792b-ce84a50e0000 pid=3749 /tmp/.n zombie guuid=8932f106-1700-0000-792b-ce84ee0d0000 pid=3566->guuid=d335d84b-1700-0000-792b-ce84a50e0000 pid=3749 execve guuid=b7c9e807-1700-0000-792b-ce84f20d0000 pid=3570 /usr/bin/uname guuid=02c5d607-1700-0000-792b-ce84f10d0000 pid=3569->guuid=b7c9e807-1700-0000-792b-ce84f20d0000 pid=3570 execve b3de5bbd-2035-54c9-80d3-d9fa3d5ee036 144.172.117.163:80 guuid=4dc15d08-1700-0000-792b-ce84f40d0000 pid=3572->b3de5bbd-2035-54c9-80d3-d9fa3d5ee036 send: 146B guuid=99ab214c-1700-0000-792b-ce84a70e0000 pid=3751 /tmp/.n net send-data zombie guuid=d335d84b-1700-0000-792b-ce84a50e0000 pid=3749->guuid=99ab214c-1700-0000-792b-ce84a70e0000 pid=3751 clone a672e26c-f9bd-5c61-96dc-e019430b9079 144.172.117.163:443 guuid=99ab214c-1700-0000-792b-ce84a70e0000 pid=3751->a672e26c-f9bd-5c61-96dc-e019430b9079 send: 724B
Score:
8%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/6837e6c32476d43bea7a9dc5fddd02c16138b2b2002eec123f48a8dbf5562afe
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6837e6c32476d43bea7a9dc5fddd02c16138b2b2002eec123f48a8dbf5562afe/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/6837e6c32476d43bea7a9dc5fddd02c16138b2b2002eec123f48a8dbf5562afe
Threat name:
Linux.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-05-13 11:01:03 UTC
File Type:
Text (Shell)
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=na36nqzeo3kdx2t2txc73xicyfqtrmvsaaxoyer7jcunx5kwfl7a._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery linux
Link:
https://tria.ge/reports/260513-m4gyfads8j/
Behaviour
System Network Configuration Discovery
Writes file to tmp directory
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/6837e6c32476d43bea7a9dc5fddd02c16138b2b2002eec123f48a8dbf5562afe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
http://144.172.117.163/bins/arm.nexus

Comments