MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7745e4242b3e2ed431d0de8dbbfe11f4b5c38830ec166a9b89be55f550838719. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 7745e4242b3e2ed431d0de8dbbfe11f4b5c38830ec166a9b89be55f550838719
SHA3-384 hash: 00b2fb74f662b1b3c288052365e7585c1c85c2df4a4f3a080d39547cc8b98fefd0690f57fe317f42412ebd78b529e28a
SHA1 hash: 1eba9a10783e37fe4b4bcca6702733480e368ff5
MD5 hash: c027fc4f441c6a179a05d7c561561226
humanhash: butter-batman-sierra-ten
File name: telnet.sh
Signature: Mirai
File size: 1'971 bytes
First seen: 2025-09-14 11:12:35 UTC
Last seen: 2025-09-14 20:46:57 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep 12:7XOpo2hCQ8zmyYfsQdtVPtNaKuI6XoODOmwdmX3fNv0Z1x91YrDKLBh38tv9x77s:TAhj8UfTXF+Dzj65gtn7f4
TLSH T14341A68D10AAD561D54CCF02F1B2C3A4E84FE5C8A3A25EE1B4D3BCB15849AC0B957B37
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 44
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-09-14T08:40:00Z UTC
Last seen: 2025-09-14T08:40:00Z UTC
Hits: ~10
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-14 11:13:33 UTC
File Type: Text (Shell)
AV detection: 15 of 38 (39.47%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery execution linux persistence
Behaviour
Command and Scripting Interpreter: Unix Shell
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Modifies init.d
Modifies rc script
Write file to user bin folder
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
