MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d82996ebe0f175dc316d38e0b57eb0ae45bc0f88802c06a185321b62d0e01c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 6d82996ebe0f175dc316d38e0b57eb0ae45bc0f88802c06a185321b62d0e01c8
SHA3-384 hash: 00091f7926adf29a5018a15b330bac81641a2f876bb522316fdac406499cf77d34d87e524fa3f5cab95bfa07ed24b312
SHA1 hash: 1a361135344c5e617e0e7c3a80cedfd66a8f75f9
MD5 hash: 10d37f0b9c9eb7451168bc9e5f9dc002
humanhash: twenty-double-oregon-early
File name: tplink
Signature: Mirai
File size: 306 bytes
First seen: 2025-12-05 18:14:25 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:LA5/rHJDA5/laLaNgdhA5/pFGNIvLK2LA5/nfiAK6ifn:shVUhlaLaNgMhSNITKhfLK6on
TLSH: T187E012BD002FDF1781209D15A07A6873B037EBDA9161CE09AEC4A436A1989207132E56
Magika: batch
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://213.209.143.64/splarm | b63742c8030b3522e94c94dc5f646ffc03fb813b16376ff2ac479c8b9f1e5ef9 | Mirai | elf mirai ua-wget
http://213.209.143.64/splarm5 | 74667b2147b1c66d8d72fa2ea8a92e8403617f2d8cdb26e17b30a5da51aa0d58 | Mirai | elf mirai ua-wget
http://213.209.143.64/splarm6 | 2e8928cc1c43c7074aaf2e7863e4fd5243705477345f40df4c51beeec9022497 | Mirai | elf mirai ua-wget
http://213.209.143.64/splarm7 | 16363496c05fe7ba8373d58f349a1dc8d037ac665942ead0fec348dd9df7a500 | Mirai | censys elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 24
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-05T16:20:00Z UTC
Last seen: 2025-12-06T03:09:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
[Process graph: /usr/bin/sudo (pid 3290) execs /tmp/sample.bin (pid 3296), which four times in turn execs /usr/bin/wget (net, send-data, write-file), execs /usr/bin/chmod and clones /usr/bin/dash; each wget sends 135-136 bytes to 213.209.143.64:80.]
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-12-05 18:19:15 UTC
File Type: Text (Shell)
AV detection: 10 of 38 (26.32%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6d82996ebe0f175dc316d38e0b57eb0ae45bc0f88802c06a185321b62d0e01c8

(this sample)

  
Delivery method: Distributed via web download

Comments