MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99aa98d40814af564c229f1d2e674fbe3ef48dc338fbbd6224e10253b1af35f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99aa98d40814af564c229f1d2e674fbe3ef48dc338fbbd6224e10253b1af35f8
SHA3-384 hash: 9da8b394353ee1537fc63288ab0a96508b788e7cdbfc0910ae72bb14528a381c1f6aeaca036a1d6d865c6b2d7fc09a4a
SHA1 hash: 5a38478ce7757bd920f4f6b51146b14be6f68e28
MD5 hash: 30b61d9e154378cb7cce6089ec84d11b
humanhash: nevada-glucose-neptune-five
File name:w
Download: download sample
Signature Mirai
Create hunting rule
File size:1'983 bytes
First seen:2025-05-07 14:32:59 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:ihdHAPNIM022ikxKCN+XDXnKDqmIyndHANNIM024ikxKMT+JDJ5MDsmeh:S1A4DpxwuDx1AOtpx2kJM
TLSH T155416ECE1BB05761085BCC8220E58FC9B30896EF21445EDCE68C157E4AC9DE6756BEF8
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://160.191.243.33/most-arm0dce1881f5120bd71343573cca5cacb52630c2768fa45bf5498f69c80d303a15 Miraielf mirai moobot
http://160.191.243.33/most-arm5437057efefd5c80a0278295a72b8a033f844c0d3e728d4d7c57bb89da69feea0 Miraielf mirai moobot
http://160.191.243.33/most-arm6c0d756ea0c5a4dacd3b6fe8e564218acaa0bdb479260131ddbccbc0a17fe2521 Miraielf mirai moobot
http://160.191.243.33/most-arm740bfa14aadc4aa4067ec27b05e84c2a06b02edc652cff3fa0dd9124d7312f35e Miraielf mirai moobot
http://160.191.243.33/most-m68k97333d7b23788893aa5bf17a82c18995589b9d48bd9aecd7b172d1f9b7d29ef4 Miraielf mirai moobot
http://160.191.243.33/most-mips456855a10afc3beeb9bdeab453cf52167642032ea250e16e9419327201de39d3 Miraielf mirai moobot
http://160.191.243.33/most-mpslad4ea2e99092e2e5511993c37051c6c18767464b93b5ddf9b5fdb87565b62ac0 Miraielf mirai moobot
http://160.191.243.33/most-ppcn/an/aelf mirai moobot
http://160.191.243.33/most-sh4b27b57e2653db26cc94c9032b9c60c73e4a97cae758c00105ee879c7fc787060 Miraielf mirai moobot
http://160.191.243.33/most-spcn/an/aelf mirai moobot
http://160.191.243.33/most-x86d2dc63cb392e472255dc0024a9e41f2f156e4b016b98bcd65e40124d551d131a Miraielf mirai moobot
http://160.191.243.33/most-x86_6437655e6676ef77fe577eb4ad5ff1562290bec739bef988fc6aeb36f9802a6700 Miraielf mirai moobot

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=681b73e76c95617a27b5ceedlinux22vpnfull_triage
Tags:
mirai virus shell html
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox
Link:
https://www.filescan.io/uploads/681b6f310b64e174c41c118c/reports/bbcc70b5-96d3-427e-bf9c-c2cee56ae9af/overview
Verdict:
Malicious
Labled as:
Bash.MiraiA.Generic
Link:
https://www.hybrid-analysis.com/sample/99aa98d40814af564c229f1d2e674fbe3ef48dc338fbbd6224e10253b1af35f8
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/99aa98d40814af564c229f1d2e674fbe3ef48dc338fbbd6224e10253b1af35f8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/99aa98d40814af564c229f1d2e674fbe3ef48dc338fbbd6224e10253b1af35f8/
Threat name:
Script-Shell.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-04-29 10:53:05 UTC
File Type:
Text (Shell)
AV detection:
15 of 36 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tgvjrvaicsxvmtbct4os4z2pxy7pjdodhd532yre4ebfhmnpgx4a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250507-r9fpsasyb1/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/99aa98d40814af564c229f1d2e674fbe3ef48dc338fbbd6224e10253b1af35f8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 99aa98d40814af564c229f1d2e674fbe3ef48dc338fbbd6224e10253b1af35f8

(this sample)

Mirai

elf 1fe1fe48f400569f987fbaa07e6ccc14733d1ca7f09b525f1137e35145b9e66a

  
URLhaus
https://urlhaus.abuse.ch/url/3537820/
  
Delivery method
Distributed via web download
  
Dropping
MD5 6075ea90adbef66772a8c43bf2212b27
  
Dropping
SHA256 1fe1fe48f400569f987fbaa07e6ccc14733d1ca7f09b525f1137e35145b9e66a

Comments