MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 958ff4be50e5476e4f035f9c944ce43363fdd48160af7dd4c29b3a421467f7cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	958ff4be50e5476e4f035f9c944ce43363fdd48160af7dd4c29b3a421467f7cd
SHA3-384 hash:	7951feb08b15181724d5fbb31e27fc2decee7fbd5325a0fbdf5314e7a2afd00ddc850ba6b6896b3ab470eb177f1e42f8
SHA1 hash:	07579e509db09fb9e9d360a2ce8e03ed6eeac19a
MD5 hash:	3f47e13f2d5417c484a854aab1d957bf
humanhash:	social-magnesium-pasta-item
File name:	sm
Download:	download sample
Signature	Mirai Create hunting rule
File size:	193 bytes
First seen:	2025-10-14 06:18:34 UTC
Last seen:	2025-10-15 04:21:30 UTC
File type:	sh
MIME type:	text/plain
ssdeep	3:zBMXBgHrwVoyGjWL4UdQCa8BzSOVxZaFkdpUXWL4UdQC/FGBzSOLQFLzFkH9wWJ:tfLwVIjZELLaFksXZEfGpQ3Fk2O
TLSH	T1F4C012EF6891370848E0BD4A3162440D782A828678960796F98C1476C05C508F011B53
Magika	batch
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://23.177.185.39/gmips	7ad355b06d01dd98b4eb6edb6415cd4642d328a2925ec3cd70ebf6b871ffc04e	Mirai	elf geofenced mips mirai ua-wget USA
http://23.177.185.39/gmpsl	ba80287beeb7e1e12ee4af4cd70084a313da19733bc37bb52d8e79ecbc0b48ba	Mirai	elf geofenced mips mirai ua-wget USA

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68edebbd4f3013c55e4cf13f/reports/7d5fe3fb-6d10-4378-aef6-98444348c4a5/overview

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-10-14T03:40:00Z UTC

Last seen:

2025-10-14T10:23:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/958ff4be50e5476e4f035f9c944ce43363fdd48160af7dd4c29b3a421467f7cd/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/4a25e961-dbd9-404e-9bb9-4be079471ff7

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/958ff4be50e5476e4f035f9c944ce43363fdd48160af7dd4c29b3a421467f7cd

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/958ff4be50e5476e4f035f9c944ce43363fdd48160af7dd4c29b3a421467f7cd/

Threat name:

Script-Shell.Downloader.Heuristic

Status:

Malicious

First seen:

2025-10-14 07:09:51 UTC

File Type:

Text (Shell)

AV detection:

7 of 38 (18.42%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=swh7jpsq4vdw4tydl6ojithegnr73vebmcxx3vgctm5eefdh67gq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251014-g4ynaszmt8/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/958ff4be50e5476e4f035f9c944ce43363fdd48160af7dd4c29b3a421467f7cd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.