MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e222f8a48a2f9d78aaee73cd3ae28bb4cdda7cfc5c8124a79651752ee185e0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e222f8a48a2f9d78aaee73cd3ae28bb4cdda7cfc5c8124a79651752ee185e0f
SHA3-384 hash: 511a7bb6879efbda94af3dd5180d9626d6a39695d1bff5c96112d6dd9bdcf700f6714156459f3ccc236ecb6b14bd8d33
SHA1 hash: bdd5de4025e98a34b8f599ddcf0c3df784b6a9ce
MD5 hash: 5f9c5403f85d1f03dd4831b884ac178f
humanhash: crazy-bakerloo-paris-zebra
File name:w.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'153 bytes
First seen:2025-08-04 05:32:13 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:l1xUKtcArEUKVNI+3BEAUKGTKRiHUK5NZIqUKIQiUK3TNPcwUKAL0gUKFB0KAUKl:yKQNI6mVKVON+7B22cZSGlBA3gaHR
TLSH T1A4219FFF13E58403856C8FD63069D528B10986D3A59C4FFD249CD8BA7A84E28F142F1D
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.116.34/bins/morte.arma1fa785a37fd03276effde035c81addd23415dfa8ab4ccce30e7deb806d3bb24 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.arm54dcdfc88ddee2531c6caee9c75192843af953b42845654a86937ae82df6072ee Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.arm62ce39c00011d45b712f7310b3d3738c592edcb581b981010f37ddb3853dfdbd9 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.arm7d91ec037d4a3bd3da8068121fd9d0447dd5eb7549051e7122b5d217cdb46af81 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.m68kbec7cd4fd3d3921bcb4b581fb9474610cd702b70f5f93d91bc0ee424cfc94dda Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.mipsd17de3b065d524a85522d7ed5ab4b15575407c438be1ee5f892445b9148963bd Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.mpsl815ba825cad23a8791a89ce794d1df9048133a152c2b37ed05066b2d8c6a68e9 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.ppcaca86d90aef3a6b4ad4c0bab0bcac9b306e0f3db025b06735ece832013d40c11 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.sh4921022e867133faf030885d2a04b10224417a897c499cd4ee2481ae9c9cd4cb6 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.spc8f7c1622b81de5ba394145552b33b51e86a009392f7884408ba0507ea148b841 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.x86e41cf98b55686fca887f880de8ebb0d6b05e6b26649b0d95a59729081ac709f5 Miraielf mirai opendir ua-wget
http://196.251.116.34/bins/morte.x86_64623a439ec19f826bdd9cd68d00e38279d60b5ccd8f6fab633b1c6e84207c75a1 Miraielf mirai opendir ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
31
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/689045e673b8ef6f4afd0ad2/reports/2e01e4c9-30b1-4c83-b94f-28e053caca12/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/6e222f8a48a2f9d78aaee73cd3ae28bb4cdda7cfc5c8124a79651752ee185e0f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e222f8a48a2f9d78aaee73cd3ae28bb4cdda7cfc5c8124a79651752ee185e0f/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/6e222f8a48a2f9d78aaee73cd3ae28bb4cdda7cfc5c8124a79651752ee185e0f
Threat name:
Linux.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-08-04 05:32:18 UTC
File Type:
Text (Shell)
AV detection:
15 of 38 (39.47%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nyrc7csiul45pcvo446nhlrixngn3j6pyxebestzmulvf3qylyhq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250804-f8fslsxnt7/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6e222f8a48a2f9d78aaee73cd3ae28bb4cdda7cfc5c8124a79651752ee185e0f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6e222f8a48a2f9d78aaee73cd3ae28bb4cdda7cfc5c8124a79651752ee185e0f

(this sample)

Mirai

elf b9f837260f33f795ed8441f7a233c7c7a6f4eb735a70e3b3411a7385f25c7ab0

Mirai

elf a1fa785a37fd03276effde035c81addd23415dfa8ab4ccce30e7deb806d3bb24

  
URLhaus
https://urlhaus.abuse.ch/url/3586704/
  
Delivery method
Distributed via web download
  
Dropping
MD5 a2f2aec5e15b7c4beb73a49781e1b2bb
  
Dropping
SHA256 a1fa785a37fd03276effde035c81addd23415dfa8ab4ccce30e7deb806d3bb24

Comments