MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8865272b1f43638a68066ffced66dd5b17ae722c20c4d7087ec4503b77f6a7d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8865272b1f43638a68066ffced66dd5b17ae722c20c4d7087ec4503b77f6a7d3
SHA3-384 hash: 2fbc0573a332ad1c884f8203ef6b722101291b2056a2d64cf6a6e54b5be5d6bcb9eb47630707e28a2a58648e92696877
SHA1 hash: f0a1c47c4fd368c4f2b4df739e30ba617ddaf05e
MD5 hash: 9d8538673d605abbb8adfb076e0bea0a
humanhash: glucose-virginia-tennis-ceiling
File name:m
Download: download sample
Signature Mirai
Create hunting rule
File size:962 bytes
First seen:2025-04-29 03:57:51 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:3rWKIw+u5ZMoOF7+MB05xZmVTPZmVgDNksNZZmXIjDPZmXIMDNksNZZmnPZmUDNm:yRk5zOt+MB0QkUqpnkUckUV3PykUd
TLSH T1891104CF12A9CC3624818EEDB5D39B647889CCD61EC74EC9A48E0165B5CCD1C74A0E9A
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.188.82.240/skid.arm0d69826a2d0861d1a22985cadf7df3693ff97c110df1ec8d90ca3b4a3f5f53aa Miraielf mirai
http://103.188.82.240/skid.arm5n/an/aelf mirai
http://103.188.82.240/skid.arm6n/an/aelf
http://103.188.82.240/skid.arm79af6d65181a6f3a7d75443586c298a27904083ee7a931a8d4601625fc4ca016f Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68105190cc5fb3600cc43925linux22vpnfull_triage
Tags:
downloader mirai agent hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
expand lolbin remote
Link:
https://www.filescan.io/uploads/68104e4f218c4a98ade68e42/reports/8ac37465-b287-4a91-8c64-e0b57777c03d/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/8865272b1f43638a68066ffced66dd5b17ae722c20c4d7087ec4503b77f6a7d3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8865272b1f43638a68066ffced66dd5b17ae722c20c4d7087ec4503b77f6a7d3/
Threat name:
Linux.Downloader.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-04-29 04:00:16 UTC
File Type:
Text (Shell)
AV detection:
5 of 24 (20.83%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rbssoky7inryu2agn76o2zw5lml244rmedcnocd6yridw57wu7jq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250429-ekpj6stwev/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8865272b1f43638a68066ffced66dd5b17ae722c20c4d7087ec4503b77f6a7d3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 8865272b1f43638a68066ffced66dd5b17ae722c20c4d7087ec4503b77f6a7d3

(this sample)

Mirai

elf 27f17c3a0788772b007a1a73f7d17e59b7315336e8d0a6d86858cd4260914d82

  
URLhaus
https://urlhaus.abuse.ch/url/3524647/
  
Delivery method
Distributed via web download
  
Dropping
MD5 7a4c6659930f27be0a0dfb273ae4bb0d
  
Dropping
SHA256 27f17c3a0788772b007a1a73f7d17e59b7315336e8d0a6d86858cd4260914d82

Comments