MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68481d0c1275e33fce18b43da2cf6be2108bdb6774d6ebd93b19e4a12caa3cf0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 68481d0c1275e33fce18b43da2cf6be2108bdb6774d6ebd93b19e4a12caa3cf0
SHA3-384 hash: 440b2368952e55a035685251d9695221e8a5bb268f774397d7daedc890809a92ff434ba109a43ff838775305b496bf87
SHA1 hash: 81efc1e6db46cda604ab15612e40e7706489dda9
MD5 hash: 7aeae72b46bb7ae41403a2b5d42e649b
humanhash: mike-robin-quiet-crazy
File name: router.zyxel.sh
Signature: Mirai
File size: 1'464 bytes
First seen: 2025-08-22 02:34:35 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:NIHBuOFk/xuAHbliBY72N4t/e3J64zgIiJY1a:ahpe5FbQuCieLiua
TLSH T1273148CE989D3211A0E8CB027C03D7689F1EC9A7AE801F94975CB8B3C78DD14F525A48
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-08-22 00:04:42 UTC
AV detection: 11 of 38 (28.95%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments