MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70c7ea52d5c83fee1478d87a415b568b77b649fa45cce7b503c66df195888fe3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7

SHA256 hash: 70c7ea52d5c83fee1478d87a415b568b77b649fa45cce7b503c66df195888fe3
SHA3-384 hash: 2abb4798ed55ef11467875ab109c1c80e22a23f19a19a03d384d16791470b76b22e5ada237fe34e9e95a6e7b512e9000
SHA1 hash: f783549d0ec4ad8e58634ccbf429935e22f50e51
MD5 hash: 3ca859d618a88f28367dd4200486ecfe
humanhash: seventeen-arkansas-oven-cola
File name: mwah
Signature: Mirai
File size: 758 bytes
First seen: 2025-11-14 12:12:53 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:vWOZF85ZMNM2V4ZMBAZOUNHW62caKWcITUcIT2CIRlG1lcITUcITC:uOZF85EMy0MBoLVW62pPSYM1lS4
TLSH: T1E90128CF34E1C930A99045E5B6938A28F28CD0D65DC217CCED6E4CB9548DDDD3415EC6
Magika: shell
Reporter: abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://93.157.106.238:9001/pppoebd025b87c4b51bd661b8e84abfa8c18e837c96afbc45d9ed7c6994714664853bf | Mirai | arm elf geofenced mirai ua-wget USA
http://93.157.106.238:9001/mwah | 70c7ea52d5c83fee1478d87a415b568b77b649fa45cce7b503c66df195888fe3 | Mirai | geofenced mirai sh ua-wget USA

Intelligence

File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox

Verdict: Malicious
File Type: unix shell
First seen: 2025-11-14T13:15:00Z UTC
Last seen: 2025-11-16T01:59:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Linux.Downloader.SAgnt
Status: Malicious
First seen: 2025-11-14 13:20:51 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Mirai | sh 70c7ea52d5c83fee1478d87a415b568b77b649fa45cce7b503c66df195888fe3 (this sample)

Delivery method: Distributed via web download

Comments