MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8961686ad08adc4ac8609d42419b8059fdcb0e44ccfbf3b311e290fd6a9475e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 8961686ad08adc4ac8609d42419b8059fdcb0e44ccfbf3b311e290fd6a9475e4
SHA3-384 hash: 141aa9910d271e032288dea56d79d76c3460b81ffa72e46acea6372c4e91b05708dee73f6e9f939db1416cf43034a19f
SHA1 hash: b81d7f400bf0a81791c21a2ccbd1d1d32314248a
MD5 hash: a0d2c8bf87e2a1d5559f36224b166c9b
humanhash: chicken-lactose-asparagus-washington
File name: oem.sh
Signature: Mirai
File size: 996 bytes
First seen: 2025-02-16 10:41:48 UTC
Last seen: 2025-06-05 17:48:45 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:8IEMenIEMy+IEMONIIhIEMkKSEIEMojIEMUl9qIEMo9TIEMGuIEM+KIEM6ZIEMK0:8IYnI8+IuhICxEISjIo9qIu9TIQuIIK+
TLSH: T12C1143CD0695E63928E0CD4C30E98828A579AAC730614BDDAD5C0D7391969787E3BF0D
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 83
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 92.5%
Tags: shellcode hype sage
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: bash lolbin mirai remote
Result
Verdict: UNKNOWN
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-02-16 10:42:18 UTC
File Type: Text (Shell)
AV detection: 13 of 37 (35.14%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
