MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 870e33b473e851aed35095627204bd2ed7104812305361cf54df5e7b4d883d6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 870e33b473e851aed35095627204bd2ed7104812305361cf54df5e7b4d883d6b
SHA3-384 hash: c0342421473aecb7e92667850ad70f66578b80ce99629754423bc6008eba6d5d300c3f8eb844803b10d33d3535be1ec8
SHA1 hash: 1d9aaf862f813c7d553d372887d482bfbad56ac8
MD5 hash: 0a1fc4934e03222e814b088ebaf4206b
humanhash: jig-monkey-friend-eleven
File name:mass
Download: download sample
Signature Mirai
Create hunting rule
File size:2'492 bytes
First seen:2025-10-13 05:37:57 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:I9DdrS0H71NI7SkgdKKXJogclHg//YetDff5YU7nNaxtY+lsPz9ag26Naxt3:SdS0HES5Qatp//ltDZYWH++PzB26A
TLSH T1345194CF1820533A150E9E2F6375D8AC620395B3A59F4EA5DDF848259BCCE65BD8CF04
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://192.142.53.127/armn/an/aMozi
http://192.142.53.127/arm5f778e3737ad3ef79706bcf35f18d38dc068b7e1530b75d82a60315cb6e1443cb Miraiarm elf geofenced mirai ua-wget USA
http://192.142.53.127/arm6e48469fdf3f1a8c1db70d059c6ed544a40cbae094f9b31e5fb885f254b27c1ee Miraiarm elf geofenced mirai ua-wget USA
http://192.142.53.127/arm751ee1e61eac7a0dfdc1fd42ca93676cbe73f288e5e3c9d81509855d6d184845a Miraiarm elf geofenced mirai ua-wget USA
http://192.142.53.127/i48621e8420e2bce3849c7a769a7528c74f53a5add799606399b056f9090347ce6c4 Miraielf geofenced mirai ua-wget USA x86
http://192.142.53.127/i686987c294af82c88d806e02abac01cb3f955533c4ea38c7fe664b84696d902f03a Miraielf geofenced mirai ua-wget USA x86
http://192.142.53.127/m68k87d56ee88baea0191d2bec7a2abb41cb74b3f2f2b976a2e197f56d20f24a3e61 Miraielf geofenced m68k mirai ua-wget USA
http://192.142.53.127/mipse19458cf891d7e14ad4b0b6e8fa8fef6066daf953f1d795085fa7309d3c7949d Miraielf geofenced mips mirai ua-wget USA
http://192.142.53.127/mpsl234c1476e7002c92f77d72c166719a9db67c677c13d31d7aef445f9565dcf5c8 Miraielf geofenced mips mirai ua-wget USA
http://192.142.53.127/ppc1e32f52dc84d341a165fae5e310f86ccc5f9970c898659149218ec31b9640ed4 Miraielf geofenced mirai PowerPC ua-wget USA
http://192.142.53.127/sh4769c08447897057176f994fee999fdeee673535ffe3f1d639060a1fdff17bfb8 Miraielf geofenced mirai SuperH ua-wget USA
http://192.142.53.127/spc6c6df42a6934cf566583861f7870d55f1e09d46ece58396af6a81cf1b16ff881 Miraielf geofenced mirai sparc ua-wget USA
http://192.142.53.127/x86138370145564ddb2b40f875b28a365134567f6865bbcecd08de5a782a3252128 Miraielf geofenced mirai ua-wget USA x86
http://192.142.53.127/x86_64215ca8d287d9eb62a0823a4de5a6545d87453e41872f14bdd8047cab035831b1 Miraielf geofenced mirai ua-wget USA x86

Intelligence

File Origin
# of uploads :
1
# of downloads :
41
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-10-13T03:50:00Z UTC
Last seen:
2025-10-13T04:45:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/870e33b473e851aed35095627204bd2ed7104812305361cf54df5e7b4d883d6b/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/870e33b473e851aed35095627204bd2ed7104812305361cf54df5e7b4d883d6b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/870e33b473e851aed35095627204bd2ed7104812305361cf54df5e7b4d883d6b/
Threat name:
Linux.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-10-13 05:45:35 UTC
File Type:
Text (Shell)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q4hdhndt5bi25u2qsvrhebf5f3lrasasgbjwdt2u35phwtmihvvq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:botnet antivm botnet defense_evasion discovery linux
Link:
https://tria.ge/reports/251013-geeh5avxcx/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Mirai
Mirai family
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/870e33b473e8/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.11
Link:
https://yomi.yoroi.company/submissions/870e33b473e851aed35095627204bd2ed7104812305361cf54df5e7b4d883d6b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 870e33b473e851aed35095627204bd2ed7104812305361cf54df5e7b4d883d6b

(this sample)

Mirai

elf e48469fdf3f1a8c1db70d059c6ed544a40cbae094f9b31e5fb885f254b27c1ee

  
URLhaus
https://urlhaus.abuse.ch/url/3670449/
  
Delivery method
Distributed via web download
  
Dropping
MD5 f0c5e72867182dc250b72553cb210795
  
Dropping
SHA256 e48469fdf3f1a8c1db70d059c6ed544a40cbae094f9b31e5fb885f254b27c1ee

Comments