MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a20a77f36c1ceb5e2721833d5c1db12cb466131f90e81f41edfa55ebf311501. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 6a20a77f36c1ceb5e2721833d5c1db12cb466131f90e81f41edfa55ebf311501
SHA3-384 hash: 3021456347155e3af2b6e4137677f7aee77f135e466ee26c08f3cc30afb495f1ccecdbcdb4a425871f008563721bdf8b
SHA1 hash: 5a9fbbe79b2d42561590c34be78022e84d5ff074
MD5 hash: 538804d0c00af6b69c55421468e3cfb4
humanhash: california-iowa-hotel-nuts
File name: c.sh
Signature: Mirai
File size: 865 bytes
First seen: 2025-03-23 09:36:34 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:xW2WJ5WvRWbwtWJWPWXTWTW/WWI20hWdjWeK:xnIiROcee6Uw6ZhafK
TLSH: T12111098C52E2B2169B98CD087153D0C9A101D1C2759A5E67FAFA3E7CEBC470478787A6
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-03-23 09:37:08 UTC
File Type: Text (Shell)
AV detection: 8 of 38 (21.05%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6a20a77f36c1ceb5e2721833d5c1db12cb466131f90e81f41edfa55ebf311501

(this sample)

  
Delivery method: Distributed via web download

Comments