MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 790c6ea3855c59fccff2e4d4191522fea6e5367753b9ac3c6163dc2e2b0b2dd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 790c6ea3855c59fccff2e4d4191522fea6e5367753b9ac3c6163dc2e2b0b2dd3
SHA3-384 hash: 6ed13a86881ed2c0e237039987f5c898b8d8e0d1b99aadc099a40bf40bb22ebb0d63fdc0a52376da949cd4f5e83fad47
SHA1 hash: 8065663b6891f3d16f17aac7689b1603c70a481c
MD5 hash: dc00a174277d472e0a0a0d627ed8cc68
humanhash: shade-texas-leopard-cup
File name: abc1.sh
Signature: Mirai
File size: 894 bytes
First seen: 2025-11-21 22:44:59 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J36f86fYBNfYNIIFfCKSQfSPfel9mfu9ffQKfITKf8bf8/A:j5BQgxZI9t9gpT9I/A
TLSH: T1D411A7CD09A964AAADE8DF4CB07DC10CBDF1D1C9BAB1C794E874A8A341961311C00FAE
Magika: txt
Reporter: abuse_ch
Tags: sh
IOCs (URLs referenced by this sample and the payloads they served):

URL                                     Malware sample (SHA256 hash)                                       Signature  Tags
http://auth.nsotone.com/main_arm5       78c378c3e55dd7fa4490d05eebe961af15c7ac7932d1d99fc2d7c0149c30b263   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_arm        e72811a5507aee56ba5df45b763e273b3aed876daef643f6fcc87718e88fb122   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_arm6       f2dba4a7f3537df00b6c19eafa672fa0432888b002d7d03cce54f8a52cd99395   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_arm7       0a7142fa5cffd96276983a5ea5feb14b4147f194b439fcf2b8eb406f49d12af3   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_m68k       06a38c63851a69131a4a745fcf48140d890efa44102f2bb054b5a41da7f1980e   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_mips       c7a6426b567cd168d6e1aa42e294100e1cc7a504354318bc29be46d5cb005e69   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_mpsl       1478ad5e74455de7b0542254ed9ea9966fd6ebf4a222096e36de955b34194e3c   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_ppc        226e1f417c44288c2cfdd74065be38ba1fa704b133aafebedaa81a43714b9b3a   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_sh4        82351c3d62cf110b0da95652d363fe6160d976a2df853c29c6bf4847b5c5d774   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_x86        560679b45c8f78457cd1e09dc6a2ef3ac45b7b4b1afcf6ab5ed9892e82d4ef16   Mirai      elf mirai ua-wget
http://auth.nsotone.com/main_x86_64     7c67e18cee43a178fd36afc03bf4b52e34b71efa18459c2870135ac275a1d261   Mirai      elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: bash lolbin mirai
Status: terminated
Behavior Graph (sandbox process tree; pids are from the sandbox run, edge labels are the recorded syscall, and "send" entries are bytes sent to the named destination):
pid 3289  /usr/bin/sudo
  execve -> pid 3296  /tmp/sample.bin
    execve -> pid 3298  /usr/bin/curl
      clone  -> pid 3306  /usr/bin/curl (net send-data): send 272B to 10.0.2.3:53
    execve -> pid 5182  /usr/bin/chmod
    clone  -> pid 5183  /usr/bin/dash
    execve -> pid 5184  /usr/bin/curl
      clone  -> pid 5185  /usr/bin/curl (net send-data): send 272B to 10.0.2.3:53
    execve -> pid 5212  /usr/bin/chmod
    clone  -> pid 5213  /usr/bin/dash
    execve -> pid 5214  /usr/bin/curl
      clone  -> pid 5215  /usr/bin/curl (net send-data): send 272B to 10.0.2.3:53
    execve -> pid 5226  /usr/bin/chmod
    clone  -> pid 5227  /usr/bin/dash
    execve -> pid 5228  /usr/bin/curl
      clone  -> pid 5229  /usr/bin/curl (net send-data): send 68B to 10.0.2.3:53
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-11-21 22:45:51 UTC
File Type: Text (Shell)
AV detection: 7 of 24 (29.17%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Web download
    -> Mirai
      -> sh 790c6ea3855c59fccff2e4d4191522fea6e5367753b9ac3c6163dc2e2b0b2dd3 (this sample)

Delivery method: Distributed via web download

Comments