MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8901320413776f43a0e6325662ec9ecf41fd420c430aa5b810cc183d6b7164e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8901320413776f43a0e6325662ec9ecf41fd420c430aa5b810cc183d6b7164e6
SHA3-384 hash: ed56aab0a3495e95f20ee1a71dcad2bc20a63de7ede2ef633e9a9c2a6729ff7478a20b4325c02554a68405a1bb823c25
SHA1 hash: 7c28d5498dc5c6d2f5c76b999378e5f9e65c5969
MD5 hash: d48198c9b97b6b78fd71f39e6c9f7e7d
humanhash: winner-yellow-oranges-idaho
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:765 bytes
First seen:2025-05-10 11:22:45 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:6fKNQj+JfK0q+JfKwNIl5zA+JfKBf0LKj+JfKR+Os+JfKkC+JfKja/+JfKjSE+JV:GKNQyK0xKwNI7PKwKyKR+kKk5KjaGKji
TLSH T1F801ED9D2321568ACA0C9E0870AA4E84975A83C2BD74CF59AC5C88F76CD5E01B06CF7F
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://161.248.238.20/arm9fd108226aab5d7005fe4303e69b5fbf4b1ff270613c1685d116daee9c2e8528 Miraielf mirai
http://161.248.238.20/arm51287fbbd15e8d6cc65a79981ef8cb83d7c13c126eb9787de9c7e9c5004bad361 Miraielf mirai
http://161.248.238.20/arm6f2345b8170a71cc6be7e0a19600a548c0d089dbd8452023f6f56b1129b8dcc78 Miraielf mirai
http://161.248.238.20/arm7e68562225a4e166f921edd78639758bfcbcce0264d60bb2fd18eb5d4a3071df7 Miraielf mirai
http://161.248.238.20/m68k66106fd382ec4be451b29281c7db9d1ecb85f094fd08038dde2c04a34b4e1ddb Miraielf mirai
http://161.248.238.20/mips6604b4f132ebfdbf424982f0fb1decd338528a1c351ef409f01c14d5ab048201 Miraielf mirai
http://161.248.238.20/mpsl26f2fa26f7e92d6e395add649623e975baf3bdc0daeb1cce0e71bf62d4150d2f Miraielf mirai
http://161.248.238.20/ppc77f557c5356d83a4a842513ec5c6fcacec8296d089885f9d1b14acc177ece082 Miraielf mirai
http://161.248.238.20/sh49e7a10dc18a47be06fd12b7e4ff446dcc41f3cdd288d03d515f4c575b3e3a9a7 Miraielf mirai
http://161.248.238.20/spcn/an/an/a
http://161.248.238.20/x86e9faf47cb75df4be265a97065ec8d5b786ff7fedf881b99119bf20eb3f6772fb Miraielf mirai
http://161.248.238.20/x86_648ab38316dd9c8b70c1e4d601770ba222b4c5f342a772681e1763910be14170c4 Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=681f38264a59e5a2ce038c4dlinux22vpnfull_triage
Tags:
trojan mirai agent virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/681f371ec7418694c8a85fe1/reports/974ece4e-cf71-4363-b3f4-e5ceabdd41a6/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/8901320413776f43a0e6325662ec9ecf41fd420c430aa5b810cc183d6b7164e6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8901320413776f43a0e6325662ec9ecf41fd420c430aa5b810cc183d6b7164e6/
Threat name:
Script-Shell.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-05-10 06:22:55 UTC
File Type:
Text (Shell)
AV detection:
18 of 37 (48.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=reatebato5xuhihggjlgf3e6z5a72qqmimfkloaqzqmd223rmtta._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250510-ng65gsxtcx/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8901320413776f43a0e6325662ec9ecf41fd420c430aa5b810cc183d6b7164e6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 8901320413776f43a0e6325662ec9ecf41fd420c430aa5b810cc183d6b7164e6

(this sample)

Mirai

elf 9fd108226aab5d7005fe4303e69b5fbf4b1ff270613c1685d116daee9c2e8528

  
URLhaus
https://urlhaus.abuse.ch/url/3540429/
  
Delivery method
Distributed via web download
  
Dropping
MD5 939fb9ad3d3b4eb1a475ceb468d2b123
  
Dropping
SHA256 9fd108226aab5d7005fe4303e69b5fbf4b1ff270613c1685d116daee9c2e8528

Comments