MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b1234e46d9550cd7fcc8106b88dc9c37af713c0f0e53613fcd823324beca78f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: 6b1234e46d9550cd7fcc8106b88dc9c37af713c0f0e53613fcd823324beca78f
SHA3-384 hash: 7ef7dea3a89821cf04c187259cd90e4540f487d8c14b9c27aa22a67d732452b23a4126d8767916708cb0fb04b2df2eb1
SHA1 hash: e157018acc14eb12d42c5f8c0c53e9b2abe11b4b
MD5 hash: 0ceffd20c2e386224e7a46357ae05b0c
humanhash: social-asparagus-jupiter-robert
File name: o.xml
Signature: Mirai
File size: 671 bytes
First seen: 2025-10-19 11:19:20 UTC
Last seen: 2025-10-19 19:30:09 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:FH8ioNJAC7ukxGWi2jU30+0K5+A+kjtrztbKZhG+E6:FH8j/wWi2jzkt3u
TLSH: T196014CACF1A8CB5009F9C546F1B04504D492D0C7E1F5A7D5F28E59237F20C6E346364D
Magika: xml
Reporter: abuse_ch
Tags: sh

URL: http://213.209.143.62/px86
Malware sample (SHA256 hash): 30bb3dc856c0b73e0e467eb55c98dd736f545e2d6aa2f73e81985f1a7768b541
Signature: Mirai
Tags: elf, mirai

Intelligence


File Origin
# of uploads: 2
# of downloads: 54
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Labeled as: TrojanDownloader/Linux.NetLoader
Status: terminated
Threat name: Script-JS.Downloader.Heuristic
Status: Malicious
First seen: 2025-10-19 12:10:08 UTC
AV detection: 4 of 38 (10.53%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 6b1234e46d9550cd7fcc8106b88dc9c37af713c0f0e53613fcd823324beca78f (this sample)

Delivery method: Distributed via web download
