MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8346ac3b9e7b30b788c583be8d16a776c8383972a31fc8b04fac4a7b6f3d6b31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	8346ac3b9e7b30b788c583be8d16a776c8383972a31fc8b04fac4a7b6f3d6b31
SHA3-384 hash:	fa0a7125af004f4d762e772c1382c8b54eb3e84a974c643b38cf9becb3229d64d335f6a730925fd27723017546a76945
SHA1 hash:	d1863a725e7be00b64b11bcf502d362c9fd6f6d5
MD5 hash:	6644bc1e306e65689f79353d5018caa8
humanhash:	december-edward-magazine-ten
File name:	w
Download:	download sample
Signature	Mirai Create hunting rule
File size:	873 bytes
First seen:	2025-12-09 11:58:15 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:tgvVZffVZWVZFVZsRpVZZVZ5SVZ4SVZDVZyvVZQJVL:6VdV4VvVevVvVOVpVFV4vV2VL
TLSH	T14C11A1BD42096578408EE816B1A2C70878BB8BDF34B7AA506D65723860F05DE3032F5B
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://213.209.143.64/zerarm	b3327565abb469b5e72ec0a7507534510ccc60acb002cb2b283735323a112420	Mirai	elf mirai ua-wget
http://213.209.143.64/zerarm5	11be9259843c96c79c4fc470a75225739fe43edec7d8fe2fccaa26d52851aa92	Mirai	elf mirai ua-wget
http://213.209.143.64/zerarm6	1fe3d648a158c45350edc95a2b176a625df955c2e96e4deba7e51e647c827191	Mirai	elf gafgyt mirai ua-wget
http://213.209.143.64/zerarm7	85e820c56acd10a63589c956ac80b187e1519a5ce248684656763150c044a27e	Mirai	censys elf mirai ua-wget
http://213.209.143.64/zerm68k	278ac054a48a876da96c72b249d39cb04e7955efbe847126cec66cc00c2cbfe5	Mirai	elf gafgyt mirai ua-wget
http://213.209.143.64/zermips	3ec3f406ab6e32b212258e9dff737042afab96d29b78ae795512b58952ba89b9	Mirai	elf mirai ua-wget
http://213.209.143.64/zermpsl	b1ee0fe9064f62c1674ed8afbeb6d175feec0ce7bb61213e3cc5e66059e7b88c	Mirai	elf mirai ua-wget
http://213.209.143.64/zerppc	cd10a5b32764ecda7837bb9641b02a7549b15556e2ca17c76e676ae0bc7b4310	Mirai	elf mirai ua-wget
http://213.209.143.64/zersh4	e26b89d66f151074758de67da0e319991ab99abca8e192d7cc72212b7a5c3af5	Mirai	elf gafgyt mirai ua-wget
http://213.209.143.64/zerspc	dbd0a83fd9c02f87e38f320be9fe7c80a71dc3cbfab365e016356cec6649d78a	Mirai	elf mirai ua-wget
http://213.209.143.64/zerx86	8084d2a98a8a09aa1cc54171abd670623687ce3263160668cf54a606cc5f7e8c	Mirai	censys elf gafgyt mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive mirai

Link:

https://www.filescan.io/uploads/693818ebbba50eaf04299808/reports/8f1b8d92-cb15-404f-b78e-53a0e99a5a71/overview

Verdict:

Suspicious

Labled as:

Linux/Miraia.a

Link:

https://www.hybrid-analysis.com/sample/8346ac3b9e7b30b788c583be8d16a776c8383972a31fc8b04fac4a7b6f3d6b31

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-12-09T14:38:00Z UTC

Last seen:

2025-12-09T15:18:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/8346ac3b9e7b30b788c583be8d16a776c8383972a31fc8b04fac4a7b6f3d6b31/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/45867204-a65a-4b14-ae3a-a9c12341d6d4

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/8346ac3b9e7b30b788c583be8d16a776c8383972a31fc8b04fac4a7b6f3d6b31

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8346ac3b9e7b30b788c583be8d16a776c8383972a31fc8b04fac4a7b6f3d6b31/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-12-09 12:10:41 UTC

AV detection:

20 of 38 (52.63%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qndkyo46pmylpcgfqo7i2fvho3edqolsump4rmcpvrfhw3z5nmyq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/251209-pwwgzahj2z/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/8346ac3b9e7b30b788c583be8d16a776c8383972a31fc8b04fac4a7b6f3d6b31

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 8346ac3b9e7b30b788c583be8d16a776c8383972a31fc8b04fac4a7b6f3d6b31

(this sample)

Mirai

elf b1fc3983f0bc36b499b62f9259598228ea731bf8f42662d160d60a1d3927a2c6

URLhaus

https://urlhaus.abuse.ch/url/3726315/

Delivery method

Distributed via web download

Dropping

MD5 775ed9b0566dda3075f631de8621678d

Dropping

SHA256 b1fc3983f0bc36b499b62f9259598228ea731bf8f42662d160d60a1d3927a2c6

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample