MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9855edd200129e4c3ca49395eaa947a72c81fe778c779c71e5fad51cec8420f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 3



SHA256 hash: 9855edd200129e4c3ca49395eaa947a72c81fe778c779c71e5fad51cec8420f2
SHA3-384 hash: 20a76e5105c436ddddeefed46032f9a431faf48df38dce7c4f645035e36754cdec0b76d6fc9902c006275e85f95f4af1
SHA1 hash: 7ab396d3e75dedade851dec3490bf34348556d85
MD5 hash: fb8c09bd2a138353b78232e41168b214
humanhash: delta-eleven-delta-juliet
File name: n3881.sh
Signature: Mirai
File size: 552 bytes
First seen: 2025-02-10 16:41:35 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:NE8bMQGkEd8k71EkKyEXYEqX3HGKziNIxEnXdPka+EkX0:NE8gQGkEGk71EkSoEqnHGKziNIxEntPF
TLSH: T168F0128941922E8A886D9CB5F6F724657011C6CAE7174ECBFC494539CC4FA68FD34A88
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: DE

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2025-02-10 16:42:24 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
