MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b3d306b8b974a3105e51286c8aa97a9d696945771c3dd205e0a6d1d52a88b9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b3d306b8b974a3105e51286c8aa97a9d696945771c3dd205e0a6d1d52a88b9c
SHA3-384 hash: cd8f843d351f566da506d25ebd9752cf62d45d42a60193623dce1423179b2120896c8fb15bd4bdc6e5d58e9f5f79a8c8
SHA1 hash: d8551cc834cbdc4124dfc6a2808042bd3591d3dd
MD5 hash: 021a944a2f25c571e1801f271b30250e
humanhash: nevada-cola-social-sixteen
File name:c.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:888 bytes
First seen:2025-02-16 10:41:46 UTC
Last seen:2025-02-17 14:10:04 UTC
File type: sh
MIME type:text/plain
ssdeep 24:3J3vzBQTvxNIIYdKSFIo6IMTl9TIo9KT/KcT//A/+z/HA:tzBQTvlYdxFIo6IMx9TIo9KT/KcT//AP
TLSH T186112A8E07AAD3462E9DDD1C70AE850CAB71A2C670714756FD2448735096218387AF6E
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://31.171.131.21/arma853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/arm5a853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/arm6a853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/arm7a853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/m68ka853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/mipsa853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/mpsla853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/ppca853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/sh4a853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/spca853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/x86a853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a
http://31.171.131.21/x86_64a853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25 Mirain/a

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67b1c1c528ab76d43a5b326clinux22vpnfull_triage
Tags:
trojan agent hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/67b1c10921602376c582aea4/reports/b4e584e5-7b35-4aaa-8304-15ccf0cf4fbb/overview
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/9b3d306b8b974a3105e51286c8aa97a9d696945771c3dd205e0a6d1d52a88b9c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9b3d306b8b974a3105e51286c8aa97a9d696945771c3dd205e0a6d1d52a88b9c/
Threat name:
Document-HTML.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-02-16 10:42:17 UTC
File Type:
Text (Makefile)
AV detection:
9 of 24 (37.50%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tm6ta24ls5fdcbpfckdmrkuxvhljnfcxohb52ic6bjwr2uvirooa._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery
Link:
https://tria.ge/reports/250216-mrrbcatjdv/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9b3d306b8b974a3105e51286c8aa97a9d696945771c3dd205e0a6d1d52a88b9c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 9b3d306b8b974a3105e51286c8aa97a9d696945771c3dd205e0a6d1d52a88b9c

(this sample)

Mirai

elf a853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25

  
URLhaus
https://urlhaus.abuse.ch/url/3441561/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3441774/
  
Dropping
MD5 b7426f5491e33f87e38a6a77bc1052ce
  
Dropping
SHA256 a853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25

Comments