MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9ea4b0e673068a9c8222db51de183b56fc1ed10838a0dd6f530cffe0037c52c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a9ea4b0e673068a9c8222db51de183b56fc1ed10838a0dd6f530cffe0037c52c
SHA3-384 hash: a4498f7e4a59ae6a85c8b7540e1808964f7cfc1db66a30ce60cad3da8d72f3eeafc0b3bbd51e34e4b51e20b3790a3676
SHA1 hash: 14d81f7cd3c78ab3d15ed06823319fdbe2434e3b
MD5 hash: 3498b3d8022179a6c872d2228120411f
humanhash: mockingbird-red-maine-colorado
File name:massload
Download: download sample
Signature Mirai
Create hunting rule
File size:1'944 bytes
First seen:2025-12-01 16:44:20 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:z5EMy0MBDCeJ8jE6P1iI3SKXRCyCeyJ3G3oiLi6UgHgugHgivBcBSKXV6/K5m58z:z56VCeaODkCNKNHSH9Pou8GPi
TLSH T12B4197EAA8A16F735D81EF0870230F1D600FA5C656910BADDF6E2C39FEBC90E7014645
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://23.132.164.16/mips8129829a444c137ef5432783e5f9560693dbb9c0201f70167a3843a5f7964bad Miraielf mirai ua-wget
http://23.132.164.16/mpsld0986c336af6e6d82a47300244c28d0b546d5fb8dba15bd8356b9aa0803680b9 Miraielf mirai ua-wget
http://23.132.164.16/arm4cbb7583e642fe0d7778ed8548f3940a4028d769f1e83e24128d24b00aaea829a Miraielf mirai ua-wget
http://23.132.164.16/arm5f475787d6e2f64cb03a8d890ef432e2da4c94f1ad10617259927d9b06b868a2b Miraielf mirai ua-wget
http://23.132.164.16/arm73a669e4cd47445902a7efe698bb215d55bfaefc1c570e9044865e3470b312fc7 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
36
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Labled as:
Trojan[Downloader]/Shell.Agent
Link:
https://www.hybrid-analysis.com/sample/a9ea4b0e673068a9c8222db51de183b56fc1ed10838a0dd6f530cffe0037c52c
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-12-01T21:04:00Z UTC
Last seen:
2025-12-01T21:43:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/a9ea4b0e673068a9c8222db51de183b56fc1ed10838a0dd6f530cffe0037c52c/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/a9ea4b0e673068a9c8222db51de183b56fc1ed10838a0dd6f530cffe0037c52c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a9ea4b0e673068a9c8222db51de183b56fc1ed10838a0dd6f530cffe0037c52c/
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-12-01 17:11:03 UTC
File Type:
Text (Shell)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vhvewdthgbuktsbcfw2r3ymdwvx4d3iqqofa3vxvgdh74abxyuwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.75
Link:
https://yomi.yoroi.company/submissions/a9ea4b0e673068a9c8222db51de183b56fc1ed10838a0dd6f530cffe0037c52c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh a9ea4b0e673068a9c8222db51de183b56fc1ed10838a0dd6f530cffe0037c52c

(this sample)

Mirai

elf 8129829a444c137ef5432783e5f9560693dbb9c0201f70167a3843a5f7964bad

  
URLhaus
https://urlhaus.abuse.ch/url/3718750/
  
Delivery method
Distributed via web download
  
Dropping
MD5 bff774ef41512eb9d2d9c5d9137a1e7c
  
Dropping
SHA256 8129829a444c137ef5432783e5f9560693dbb9c0201f70167a3843a5f7964bad

Comments