MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8bc9347242ec4feb6f8de066e52867df7db691346a63a52f2a9f7af5930617dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8bc9347242ec4feb6f8de066e52867df7db691346a63a52f2a9f7af5930617dd
SHA3-384 hash: 6daa0c5d0ce71e60b7322e2e618c3c17f58fafcb61ec0b010fe97fdf35743dbe1bb6d66874e1abf659bd1193da4e07c5
SHA1 hash: 414b4b5c9fdee4a03faeb027d5914fd980abe607
MD5 hash: 2f43e3ed916134d9e7de4f2fb7dd88fd
humanhash: autumn-bakerloo-victor-ink
File name:fent.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:766 bytes
First seen:2025-12-06 19:41:09 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:uO3Slz3AJOKOhlzK/FFwO4lzlLi/QlTU9NW/tgxzjxF4wu1pJLK8/NlMI:uQAAJXcc/hvW2JF4tFP/gI
TLSH T15001929E1633548B41199C5AB3931E60E8909F8D31DA8BE8BC8C427484CE59D717DFD5
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.130.215.101/fentarm593c72c14a641ece969328d2fd80007bf30fa21d49a11d56b14897a2986ef2fa3 Miraielf mirai ua-wget
http://103.130.215.101/fentarm6eaa309b92a89dd60f3311e42046799531d4fd1fd8253ddc7cacd0f6fa93c29cd Miraielf ua-wget
http://103.130.215.101/fentarm732413d515495a8f6d81d345281a36319eb14de66c15f3eea959f975b6dd47a30 Miraielf ua-wget
http://103.130.215.101/fuckarmsmokefent0164cee6bdb1687f2b0d532ee7e8758c1cbe79cc9b218bf471cb1567e584f62d Miraielf ua-wget
http://103.130.215.101/nipple127420243465ddcedcba0e3fd3912520f0d0de0e69c7d04d63dd837efca0c2f3 Miraielf ua-wget
http://103.130.215.101/titty94f88543225d85152a2710279e4aa03a09ca36721e6b95a77fa44cae52001b7c Miraielf ua-wget
http://103.130.215.101/systemctl05ad2eed24a18a8c21c8de8f142aa3ff6f1fe281cb442644de426a7fa6920e42 Miraielf ua-wget
http://103.130.215.101/fentshn/an/aelf ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
30
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive mirai
Link:
https://www.filescan.io/uploads/693486f8bba50eaf042487c7/reports/f2a4cc07-f54a-4923-9c4a-6a3ae19f0294/overview
Verdict:
Malicious
File Type:
text
First seen:
2025-12-06T18:02:00Z UTC
Last seen:
2025-12-07T02:05:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/8bc9347242ec4feb6f8de066e52867df7db691346a63a52f2a9f7af5930617dd/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/8bc9347242ec4feb6f8de066e52867df7db691346a63a52f2a9f7af5930617dd
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8bc9347242ec4feb6f8de066e52867df7db691346a63a52f2a9f7af5930617dd/
Threat name:
Document-HTML.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-12-06 19:42:30 UTC
File Type:
Text (Shell)
AV detection:
6 of 24 (25.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rpeti4sc5rh6w34n4btokkdh3563nejunjr2klzkt55pleygc7oq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251206-yeqd3aslbv/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8bc9347242ec4feb6f8de066e52867df7db691346a63a52f2a9f7af5930617dd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 8bc9347242ec4feb6f8de066e52867df7db691346a63a52f2a9f7af5930617dd

(this sample)

Mirai

elf eaa309b92a89dd60f3311e42046799531d4fd1fd8253ddc7cacd0f6fa93c29cd

  
URLhaus
https://urlhaus.abuse.ch/url/3728078/
  
Delivery method
Distributed via web download
  
Dropping
MD5 f0fa8453d07b7cfbc2cd9af1eab7d39c
  
Dropping
SHA256 eaa309b92a89dd60f3311e42046799531d4fd1fd8253ddc7cacd0f6fa93c29cd

Comments