MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c6117a6b4f6fb8f4ed954e96e403fad820cc13f79217233b6b8f5ec367bf3c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 6c6117a6b4f6fb8f4ed954e96e403fad820cc13f79217233b6b8f5ec367bf3c1
SHA3-384 hash: 1ef7292fdb3e33a290149dd3d73721a6a67a1ba730a5beb6460dc83588c15844751bfc082060d5784f2e91c077056850
SHA1 hash: 35ef4bc5b4c3497e38968e783e223676f77c285e
MD5 hash: 3d5fd8931eed8223fb340dd828a11a22
humanhash: mike-music-jersey-item
File name: nu
Signature: Mirai
File size: 392 bytes
First seen: 2025-10-08 23:34:40 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SXq8WwfGwAK/w4faJKaRq8WoGNIZo+/uaJKaRq8Wya9ya4yHkMJKaRq8W878aXJo:IdfJAKokCZENI3WCZihBZRowo
TLSH: T16EE012DFC02119163144ED84F06F02B07A0DEDB1C258EE4EAA4F3E3D6B9C6007C78A54
Magika: batch
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://109.205.213.5/kvariant.arm7 | 95c84d2cb01247b415f57c19c291ff83f7f2e5da207db1fe775ae6df6f8414fe | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm6 | 464e01d54829277f90c3a6079e7296056090aff9f57d5b399903470f40628536 | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm5 | b348e5b70ab7e0d8bb74afbd7749daaab6d7becf6854dfc75486a71da1430ab9 | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm | 376ca979cb4140b86393ee85cf7f66f18f5cee9ad886102ac207238e88562c6a | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-10-08T21:51:00Z UTC
Last seen: 2025-10-08T21:59:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: /usr/bin/sudo executes /tmp/sample.bin, which spawns /usr/bin/wget (net, send-data, write-file; connects to 109.205.213.5:80), /usr/bin/chmod and /usr/bin/dash, four times each.

Threat name: Win32.Trojan.Egairtigado
Status: Malicious
First seen: 2025-10-09 00:15:34 UTC
File Type: Text (JavaScript)
AV detection: 9 of 24 (37.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 6c6117a6b4f6fb8f4ed954e96e403fad820cc13f79217233b6b8f5ec367bf3c1 (this sample)

Delivery method: Distributed via web download
