MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f8b88e1a2e70256b74996f6185b41bc9be47897b53cb1f1dc59d931a7199e72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 6f8b88e1a2e70256b74996f6185b41bc9be47897b53cb1f1dc59d931a7199e72
SHA3-384 hash: 3784d18c521a64239ceb4ed0bdbbfafe6455e6a6433a2d235f1109eaacaca8b09bb533941ea8065b5d88698cd5ec7044
SHA1 hash: ea6d93f8d4fe3e2a44b01db3e0dcde23d15b7a23
MD5 hash: 4395b5512370b9a4fb69c43f40ff0888
humanhash: nineteen-cardinal-happy-enemy
File name: cnipc
Signature: Mirai
File size: 152 bytes
First seen: 2025-12-21 15:13:45 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:LxAjdVZVb8NBzSa+ANja9EJzgxAjdVZVCONBzSa5Ap9mun:L6VbkPjoE9g6Vxykun
TLSH: T155C08CAF20272A41C008AE7028A13019B6A1CAD226B00B0E9BC82033F8CE600F71CE21
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://130.12.180.64/splmips | dcb690747a11527c5ad9919521ffd27a29563f24c19df3d7f9218fdea6e88622 | Mirai | elf mirai ua-wget
http://130.12.180.64/splmpsl | 0cffd5f3473dde6aecb03030cb95efa81c7e1a1bc218528dc318348af422c8cc | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-21T13:44:00Z UTC
Last seen: 2025-12-22T14:11:00Z UTC
Hits: ~10
Status: terminated

Behavior Graph:
pid=3586 /usr/bin/sudo
  execve -> pid=3592 /tmp/sample.bin
    execve -> pid=3594 /usr/bin/wget (net, send-data, write-file); send: 135B to 130.12.180.64:80
    execve -> pid=3607 /usr/bin/chmod
    clone  -> pid=3608 /usr/bin/dash
    execve -> pid=3612 /usr/bin/wget (net, send-data, write-file); send: 135B to 130.12.180.64:80
    execve -> pid=3631 /usr/bin/chmod
    clone  -> pid=3633 /usr/bin/dash

Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-21 15:31:32 UTC
File Type: Text (Shell)
AV detection: 3 of 24 (12.50%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6f8b88e1a2e70256b74996f6185b41bc9be47897b53cb1f1dc59d931a7199e72

(this sample)

  
Delivery method
Distributed via web download
