MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab81b87819ffa77df34ceb81137a9dfe705ad7531ecb681c5856f88ce8d3a510. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: ab81b87819ffa77df34ceb81137a9dfe705ad7531ecb681c5856f88ce8d3a510
SHA3-384 hash: d6bdc86048396a496246b3a31c2bb8e90c938d1485a6f0e4fd6b99a3aa48cd6aae5eca3019a525308f20d05a1b4f2a7e
SHA1 hash: 0baf55512ae068adc7db30974b0f05351dfa9129
MD5 hash: 359ff0bef4ab7718a8b094c4cbc0d2c2
humanhash: summer-three-avocado-white
File name: w.sh
Signature: Mirai
File size: 948 bytes
First seen: 2025-11-28 05:12:49 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:3J3iBjxM3XwxaNIBSkAxnoKSuxYxH0KAxmuQlaqxYl9ExwhxoF3lqjxOTxyMAxS2:3J3iBYtNIImKSxTVuqabl9xWq4/PV4n
TLSH T1D9116D9C0290551E2BF8CD4DB0BF5614D87C81D43AB66B58D8250DA3E8972606C14FAE
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 41
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
