MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac9984b335e4c18ba682102c0fc36d0bf43e6cada5c6b90bbe0e10800d3232e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: ac9984b335e4c18ba682102c0fc36d0bf43e6cada5c6b90bbe0e10800d3232e2
SHA3-384 hash: 1d93e4c7d68bf3d1833d2d740d7a37e70734a2c4f6e72de0e6c06133e074fd086f0c782b7c5495987a4a7efbf1724657
SHA1 hash: a4f7e56f5f627a1588cfd926dc40cb5739af5eb0
MD5 hash: 519663eebea39f58ea8d7a802ee28d80
humanhash: network-potato-ten-south
File name: w.sh
Signature: Mirai
File size: 862 bytes
First seen: 2025-05-15 10:22:25 UTC
Last seen: 2025-05-15 10:42:20 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:Zg77tNI751KgFi5Dr8hVcEJtBlMpd/apdhHR:Zg77Y51LFiNr8DLRlMpdipdhx
TLSH: T1AF1112CF135691910C4C9D61F16B863C694AAFE030A72FADE98DC8B2E9DCD187165F4C
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 113
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 92.5%
Tags: backdoor trojan hype
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-05-15 10:23:04 UTC
File Type: Text (Shell)
AV detection: 19 of 37 (51.35%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
