MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a13ee7d61053af6534c6988753f783133c81bab6c662587d9521d6439a75e85e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: a13ee7d61053af6534c6988753f783133c81bab6c662587d9521d6439a75e85e
SHA3-384 hash: b060f85e6deec888ac4068393ad14b3f67f3593ca329184a2c7f58d602eae5c2cd24e6b380cc02b32226fccd43585635
SHA1 hash: 337407d58f3efc4bfa0ac3a98c557e215873316d
MD5 hash: da92c072291a1f9639be3191f117baae
humanhash: coffee-tango-december-leopard
File name: wget.sh
Signature: Mirai
File size: 766 bytes
First seen: 2025-11-18 17:40:11 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:67Zmj+h7Z4q+h7ZMNIl5zA+h7Zt0LKj+h7ZjgOs+h7Z4C+h7Zfa/+h7Z3SE+h7ZX:69mm94h9MNI7j9UKm9jgc9459fa693Sx
TLSH T194011E9D21305685084C8F08706A869497FEB3DA78B89F59685708F36CDC644F258F9F
Magika: asm
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 41
Origin country: DE
Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: ps1
First seen: 2025-11-18T16:15:00Z UTC
Last seen: 2025-11-18T16:38:00Z UTC
Hits: ~10
Status: terminated

Behavior Graph: /usr/bin/sudo (pid 1885) -> execve -> /tmp/sample.bin (pid 1893) -> execve -> /usr/bin/wget (pid 1894)

Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-11-18 17:40:46 UTC
File Type: Text (Shell)

AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh a13ee7d61053af6534c6988753f783133c81bab6c662587d9521d6439a75e85e (this sample)

Delivery method: Distributed via web download
