MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9edf23eaa1d914d4e02f218d4af60583d3544f00380dca48f7a9cbb21b28a4c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 9edf23eaa1d914d4e02f218d4af60583d3544f00380dca48f7a9cbb21b28a4c8
SHA3-384 hash: 706dd5d58351898fc2ffc37ebe35f946113706b8725e258367e210904e35c3d9fc944afa23af8d9e4020be4868d75d1a
SHA1 hash: 6d00ab97ee92515cda3bcd28dbb758be816370b4
MD5 hash: 8bdc730edf6d2328fdcb9a48465a04e8
humanhash: december-happy-magazine-leopard
File name: wget.sh
Signature: Mirai
File size: 957 bytes
First seen: 2025-08-20 16:16:02 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:BiV+jxCWE+PNI9kxwA+UySKxWH+6yF+nPC+BkV+Xjv+1xRI4qKA+2Je+Mx7+cA+h:kaRNIqBKx0961xgROxn
TLSH: T19F115E9E62642285005ACDC63A9E0D045F8ACBD1E8ACDB35ADF40FB754D7624B45CF0B
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2917) -> execve -> /tmp/sample.bin (pid=2919) -> execve -> /usr/bin/wget (pid=2922)
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-08-20 16:09:49 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Dropping: MD5 4902cfad4497fac4083e1c80012c2f6e
Dropping: SHA256 32d0aa3ced98ba184a5fc383c7e74b39895fc45abfb6738935b370c2cc88e486
